Abstract

We classify programming languages according to evaluation order: 
each language fixes one evaluation order as the default, making it 
transparent to program in that evaluation order, and troublesome to 
program in the other. 

This paper develops a type system that is impartial with respect to evaluation order. Evaluation order is implicit in terms, and explicit in types, with by-value and by-name versions of type connectives. A form of intersection type quantifies over evaluation orders, describing code that is agnostic over (that is, polymorphic in) evaluation order. By allowing such generic code, programs can express the by-value and by-name versions of a computation without code duplication.

We also formulate a type system that only has by-value connectives, plus a type that generalizes the difference between by-value and by-name connectives: it is either a suspension (by name) or a “no-op” (by value). We show a straightforward encoding of the impartial type system into the more economical one. Then we define an elaboration from the economical language to a call-by-value semantics, and prove that elaborating a well-typed source program, where evaluation order is implicit, produces a well-typed target program where evaluation order is explicit. We also prove a simulation between evaluation of the target program and reductions (either by-value or by-name) in the source program.

Finally, we prove that typing, elaboration, and evaluation are 
faithful to the type annotations given in the source program: if the 
programmer only writes by-value types, no by-name reductions can 
occur at run time. 

Categories and Subject Descriptors: F.3.3 [Mathematical Logic and Formal Languages]: Studies of Program Constructs—Type structure

Keywords: evaluation order, intersection types, polymorphism

1. Introduction 

It is customary to distinguish languages according to how they pass function arguments. We tend to treat this as a basic taxonomic distinction: for example, OCaml is a call-by-value language, while Haskell is call-by-need. Yet this taxonomy has been dubious from the start: Algol-60, in which arguments were call-by-name by default, also supported call-by-value. For the λ-calculus, Plotkin (1975) showed how to use administrative reductions to translate a cbv program into one that behaves equivalently under cbn evaluation, and vice versa. Thus, one can write a call-by-name program in a call-by-value language, and a call-by-value program in a call-by-name language, but at the price of administrative burdens: creating and forcing thunks (to simulate call-by-name), or using special strict forms of function application, binding, etc. (to simulate call-by-value).

But programmers rarely want to encode an entire program into a different evaluation order. Rather, the issue is how to use the other evaluation order in part of a program. For example, game search can be expressed elegantly using a lazy tree, but in an ordinary call-by-value language one must explicitly create and force thunks. Conversely, a big advantage of call-by-value semantics is the relative ease of reasoning about cost (time and space); to recover some of this ease of reasoning, languages that are not call-by-value often have strict versions of function application and strictness annotations on types.

An impartial type system. For any given language, the language designers’ favourite evaluation order is the linguistically unmarked case. Programmers are not forced to use that order, but must do extra work to use another, even in languages with mechanisms specifically designed to mitigate these burdens, such as a lazy keyword (Wadler et al. 1998).

The first step we’ll take in this paper is to stop playing favourites: our source language allows each evaluation order to be used as easily as the other. Our impartial type system includes by-value and by-name versions of function types (→ᵛ, →ᴺ), product types (*ᵛ, *ᴺ), sum types (+ᵛ, +ᴺ) and recursive types (μᵛ, μᴺ). Using bidirectional typing, which distinguishes checking and inference, we can use information found in the types of functions to determine whether an unmarked λ or application should be interpreted as call-by-name or call-by-value.

What if we want to define the same operation over both evaluation orders, say compose, or append (that is, for strict and lazy lists)? Must we write two identical versions, with nearly-identical type annotations? No: we can use polymorphism based on intersection types. The abstruse reputation of intersection types is belied by a straightforward formulation as implicit products (Dunfield 2014), a notion also used by Chen et al. (2014) to express polymorphism over a finite set of levels (though without using the word “intersection”). In these papers’ type systems, elaboration takes a polymorphic source program and produces a target program explicitly specifying necessary, but tedious, constructs. For Dunfield (2014), the extra constructs introduce and eliminate the products that were implicit in the source language; for Chen et al. (2014), the extra constructs support a dynamic dependency graph for efficient incremental computation.

In this paper, we express the intersection type ∧ as a universal quantifier over evaluation orders. For example, the type Дa. int →ᵃ int corresponds to (int →ᵛ int) ∧ (int →ᴺ int). Thus, we can type code that is generic over evaluation orders. Datatype definitions, expressed as recursive/sum types, can also be polymorphic in evaluation order; for example, operations on binary search trees can be written just once. Much of the theory in this paper follows smoothly from existing work on intersection types, particularly Dunfield (2014). However, since we only consider intersections equivalent to the quantified type Дa. A, our intersected types have parametric structure: they differ only in the evaluation orders decorating the connectives. This limitation, a cousin of the refinement restriction of datasort refinement systems (Freeman and Pfenning 1991; Davies 2005), avoids the need for a merge construct (Reynolds 1996; Dunfield 2014) and the issues that arise from it.

Figure 1. Encoding and elaboration


A simple, fine-grained type system. The source language just described meets our goal of impartiality, but the large number of connectives yields a slightly unwieldy type system. Fortunately, we can refine this system by abstracting out the differences between the by-name and by-value versions of each connective. That is, each by-name connective corresponds to a by-value connective with suspensions (thunks) added: the by-name function type S₁ →ᴺ S₂ corresponds to (U S₁) → S₂ where → is by-value, whereas S₁ →ᵛ S₂ is simply S₁ → S₂. Here, U S₁ is a thunk type, essentially 1 → S₁. We realize this difference through a connective ε↑S, read “ε suspend S”, where N↑S corresponds to U S and V↑S is equivalent to S. This gives an economical type system with call-by-value versions of the usual connectives (→, *, +, μ), plus ε↑S. This type system is biased towards call-by-value (with call-by-name being “marked”), but we can easily encode the impartial connectives: S₁ →ᵉ S₂ becomes (ε↑S₁) → S₂, the sum type S₁ +ᵉ S₂ becomes ε↑(S₁ + S₂), etc.
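To make the suspension connective concrete, here is an added example in Python (it is not code from the paper) of what the encoding S₁ →ᵉ S₂ = (ε↑S₁) → S₂ amounts to in a call-by-value host, which is also the “administrative burden” of thunks mentioned in the introduction. The names Thunk, suspend, force, apply and evaluation_counts are this example’s own. Under N the argument is passed as a thunk and re-evaluated on every use; under V it is evaluated exactly once, before the call, whether or not the function uses it.

```python
# Added example (not from the paper): simulating the economical connective
# "eps suspend S" in an ordinary call-by-value host language.
#   N: the argument becomes a thunk (a 1 -> S function), forced at each use
#   V: the suspension is a no-op; the argument is evaluated before the call
from typing import Any, Callable, Dict, Tuple


class Thunk:
    """The N-suspension: an unevaluated expression, re-run on every force."""
    def __init__(self, compute: Callable[[], Any]) -> None:
        self.compute = compute


def suspend(eps: str, expr: Callable[[], Any]) -> Any:
    """Elaborate 'eps suspend S': N creates a thunk, V evaluates now."""
    if eps == "N":
        return Thunk(expr)
    if eps == "V":
        return expr()
    raise ValueError(f"unknown evaluation order {eps!r}")


def force(x: Any) -> Any:
    """Eliminate a suspension; a plain (V) value forces to itself."""
    return x.compute() if isinstance(x, Thunk) else x


def apply(eps: str, f: Callable[[Any], Any], arg_expr: Callable[[], Any]) -> Any:
    """Application at type S1 ->eps S2, elaborated to (eps suspend S1) -> S2."""
    return f(suspend(eps, arg_expr))


def evaluation_counts(eps: str) -> Dict[str, Tuple[Any, int]]:
    """For functions using their argument 0, 1 or 2 times, return
    (result, number of times the argument expression was evaluated)."""
    counter = {"n": 0}

    def expensive() -> int:          # constructed argument expression
        counter["n"] += 1
        return 21

    bodies = [
        ("unused", lambda x: 0),
        ("once",   lambda x: force(x)),
        ("twice",  lambda x: force(x) + force(x)),
    ]
    results = {}
    for name, body in bodies:
        counter["n"] = 0
        results[name] = (apply(eps, body, expensive), counter["n"])
    return results


if __name__ == "__main__":
    print("V:", evaluation_counts("V"))   # every argument evaluated exactly once
    print("N:", evaluation_counts("N"))   # evaluated as often as it is used
```

The “twice” row is the behaviour the value-restriction discussion in Section 2.5 relies on: a caller holding a by-value function may assume its argument is evaluated once, and that assumption fails if the function is secretly by-name.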

Another advantage of this type system is that, in combination 
with polymorphism, it is simple to define variants of data structures 
that mix different evaluation orders. For example, a single list 
definition can encompass lists with strict “next pointers” (so that 
“walking” the list is guaranteed linear time) and lazy elements (so 
that examining the element may not be constant time), as well as 
lists with lazy “next pointers” and strict contents (so that “walking” 
the list is not guaranteed linear—but once a cons cell has been 
produced, its element can be accessed in constant time). 

Having arrived at this economical type system for source programs, in which evaluation order is implicit in terms, we develop an elaboration that produces a target program in which evaluation order is explicit: thunks are explicitly created and forced, and multiple versions of functions—by-value and by-name—are generated and selected explicitly.


Contributions. This paper makes the following contributions:

(1) We define an impartial source language and type system that are equally suited to call-by-value and call-by-name. Using a type Дa. τ that quantifies over evaluation orders a, programmers can define data structures and functions that are generic over evaluation order. The type system is bidirectional, alternating between checking an expression against a known type (derived from a type annotation) and synthesizing a type from an expression.

(2) Shifting to a call-by-value perspective, we abstract out the suspensions implicit in the by-name connectives, yielding a smaller economical type system, also suitable for a (non-impartial) source language. We show that programs well-typed in the impartial type system remain well-typed in the economical type system. Evaluation order remains implicit in terms, and is specified only in type annotations, using the suspension point ε↑S.

(3) We give elaboration typing rules from the economical type system into target programs with fully explicit evaluation order. We prove that, given a well-typed source program, the result of the translation is well-typed in a call-by-value target language (Section [?]).

(4) We prove that the target program behaves like the source program: when the target takes a step from M to M′, the source program that elaborated to M takes some number of steps, yielding an expression that elaborates to M′. We also prove that if a program is typed (in the economical type system) without by-name suspensions, the source program can take only “by-value steps” possible in a cbv semantics. This result exploits a kind of subformula property of the bidirectional type system. Finally, we prove that if a program is impartially typed without using by-value connectives, it can be economically typed without by-name suspensions.

Figure 1 shows the structure of our approach.

Extended version with appendices. Proofs omitted from the main paper for space reasons can be found in Dunfield (2015).

2. Source Language and Impartial Type System 

Program variables    x

Source expressions   e ::= () | x | u | λx. e | e₁ @ e₂ | fix u. e
                         | Λα. e | e[τ] | (e : τ)
                         | (e₁, e₂) | projₖ e
                         | injₖ e | case(e, x₁.e₁, x₂.e₂)

Figure 2. Impartial source language syntax

Figure 3. Impartial types for the source language

In our source language (Figure 2), expressions e are the unit value (), variables x, abstraction λx. e, application e₁ @ e₂, fixed points fix u. e with fixed point variables u, pairs and projections, and sums injₖ e with conditionals case(e, x₁.e₁, x₂.e₂) (shorthand for case e of inj₁ x₁ ⇒ e₁ | inj₂ x₂ ⇒ e₂). Both of our type systems for this source language—the impartial type system in this section, and the economical type system of Section 3—have features not evident from the source syntax: polymorphism over evaluation orders, and recursive types.

2.1 Values 

If we wanted a standard call-by-value language, we would give a grammar for values, and use values to define the operational semantics (and to impose a value restriction on polymorphism introduction). But we want an impartial language, which means that a function argument x is a value only if the function is being typed under call-by-value. That is, when checking (λx. e) against type (τ →ᵛ τ), the variable x should be considered a value (it will be replaced with a value at run time), but when checking against (τ →ᴺ τ), it should not be considered a value (it could be replaced with a non-value at run time). Since “valueness” depends on typing, our typing judgments will have to carry information about whether an expression should be considered a value.

We will also use valueness to impose a value restriction on polymorphism over evaluation orders, as well as polymorphism over types; see Section 2.5. In contrast, our operational semantics for the source language (Section 2.4), which permits two flavours (by-value and by-name) of reductions, will use a standard syntactic definition of values in the by-value reductions.

2.2 An Impartial Type System 

In terms of evaluation order, the expressions in Figure 2 are a blank slate. You can imagine them as having whichever evaluation order you prefer. You can write down the typing rules for functions, pairs and sums, and you will get the same rules regardless of which evaluation order you chose. This is the conceptual foundation for many functional languages: start with the simply-typed λ-calculus, choose an evaluation order, and build up the language from there.¹ Our goal here is to allow different evaluation orders to be mixed. As a first approximation, we can try to put evaluation orders in the type system simply by decorating all the connectives. For example, in place of the standard →-introduction rule

$$\frac{\gamma,\, x : \tau_1 \vdash e : \tau_2}{\gamma \vdash (\lambda x.\, e) : (\tau_1 \to \tau_2)}$$

we can decorate → with an evaluation order ε (either V or N):

$$\frac{\gamma,\, x : \tau_1 \vdash e : \tau_2}{\gamma \vdash (\lambda x.\, e) : (\tau_1 \to^{\varepsilon} \tau_2)}$$

Products *, sums +, and recursive types μ follow similarly.

We add a universal quantifier Дa. τ over evaluation orders.² Its rules follow the usual type-assignment rules for ∀: the introduction rule is parametric over an arbitrary evaluation order a, and the elimination rule replaces a with a particular evaluation order ε:

$$\frac{\gamma,\, a\ \mathit{evalorder} \vdash e : \tau}{\gamma \vdash e : \text{Д}a.\,\tau}
\qquad
\frac{\gamma \vdash e : \text{Д}a.\,\tau \quad \gamma \vdash \varepsilon\ \mathit{evalorder}}{\gamma \vdash e : [\varepsilon/a]\tau}$$

¹ The choice need not be easy. The first call-by-name language, Algol 60, also supported call-by-value. It seems that call-by-value was the language committee’s preferred default, but Peter Naur, the editor of the Algol 60 report, independently reversed that decision—which he said was merely one of a “few matters of detail” (Wexelblat 1981, p. 112). A committee member, F.L. Bauer, said this showed that Naur “had absorbed the Holy Ghost after the Paris meeting... there was nothing one could do... it was to be swallowed for the sake of loyalty.” (Wexelblat 1981, p. 130).

² The Cyrillic letter Д, transliterated into English as D, bears some resemblance to an A (and thus to ∀); more interestingly, it is the first letter of the Russian word Да (da). Many non-Russian speakers know that this word means “yes”, but another meaning is “and”, connecting it to intersection types.

These straightforward rules have a couple of issues:

• Whether a program diverges can depend on whether it is run under call-by-value, or call-by-name. The simply-typed λ-calculus has the same typing rules for call-by-value and call-by-name, because those rules cannot distinguish programs that return something from programs that diverge. Since we want to elaborate to call-by-value or call-by-name depending on which type appeared, evaluation depends on the particular typing derivation. Suppose that evaluation of e₂ diverges, and that f is bound to (λx. e₁). Then whether f @ e₂ diverges depends on whether the type of f has →ᴺ or →ᵛ. The above rules allow a compiler to make either choice. Polymorphism in the form of Д aggravates the problem: it is tempting to infer for f the principal type Дa. ··· →ᵃ ···; the compiler can then choose how to instantiate a at each of f’s call sites. Allowing such code is one of this paper’s goals, but only when the programmer knows that either evaluation order is sensible and has written an appropriate type annotation or module signature.

We resolve this through bidirectional typing, which ensures that quantifiers are introduced only via type annotation (a kind of subformula property). Internal details of the typing derivation still affect elaboration, and thus evaluation, but the internal details will be consistent with programmers’ expressed intent.

• If we extend the language with effects, we may need a value restriction in certain rules. For example, mutable references will break type safety unless we add a value restriction to the introduction rules for ∀ and Д.

A traditional value restriction (Wright 1995) would simply require changing e to v in the introduction rules, where v is a class of syntactic values. In our setting, whether a variable x is a value depends on typing, so a value restriction is less straightforward. We resolve this by extending the typing judgment with information about whether the expression is a value.

Bidirectional typing. We can refine the traditional typing judgment into checking and synthesis judgments. In the checking judgment e ⇐ τ, we already know that e should have type τ, and are checking that e is consistent with this knowledge. In the synthesis judgment e ⇒ τ, we extract τ from e itself (perhaps directly from a type annotation), or from assumptions available in a typing context.

The use of bidirectional typing (Pierce and Turner 2000; Dunfield and Krishnaswami 2013) is often motivated by the need to typecheck programs that use features Damas-Milner inference cannot handle, such as indexed and refinement types (Xi 1998; Davies and Pfenning 2000; Dunfield and Pfenning 2004) and higher-rank polymorphism. But decidability is not our motivation for using bidirectional typing. Rather, we want typing to remain predictable even though evaluation order is implicit. By following the approach of Dunfield and Pfenning (2004), in which “introduction forms check, elimination forms synthesize”, we ensure that the evaluation orders in typing match what programmers intended: a type connective with a V or N evaluation order can be introduced only by a checking judgment. Since the types in checking judgments are derived from type annotations, they match the programmer’s expressed intent.

Programmers must write annotations on expressions that are redexes: in (λx. e) @ e₂, the λ needs an annotation, because λx. e is an introduction form in an elimination position: [] @ e₂. In contrast, f @ (λx. e₂) needs no annotation, though the type of f must be derived (if indirectly) from an annotation. Recursive functions fix u. λx. e “reduce” to their unfolding, so they also need annotations.

Valueness. Whether an expression is a value may depend on typing, so we put a valueness in the typing judgments: e val⇒ S (or e val⇐ S) means that e at type S is definitely a value, while e ⊤⇒ S (or e ⊤⇐ S) means that e at type S is not known to be a value. In the style of abstract interpretation, we have a partial order ⊑ such that val ⊑ ⊤. Then the join φ₁ ⊔ φ₂ is val when φ₁ = φ₂ = val, and ⊤ otherwise. Since valueness is just a projection of ε, we could formulate the system without it, using ε to mark judgments as denoting values (V) or possible nonvalues (N). But that seems prone to confusion: is e N⇐ S saying the expression is “by name” in some sense?

Types and typing contexts. In Figure 3 we show the grammar for evaluation orders ε, which are either by-value (V), by-name (N), or an evaluation order variable a. We have the unit type 1, type variables α, ordinary parametric polymorphism ∀α. τ, evaluation order polymorphism Дa. τ, functions τ₁ →ᵉ τ₂, products τ₁ *ᵉ τ₂, sums τ₁ +ᵉ τ₂, and recursive types μᵉα. τ.

A source typing context γ consists of variable declarations x φ⇒ τ denoting that x has type τ with valueness φ, fixed-point variable declarations u ⊤⇒ τ (fixed-point variables are never values), evaluation-order variable declarations a evalorder, and type variable declarations α type.

Impartial typing judgments. Figure 4 shows the bidirectional rules for impartial typing. The judgment forms are γ ⊢ᴵ e φ⇐ τ, meaning that e checks against τ (with valueness φ), and γ ⊢ᴵ e φ⇒ τ, meaning that e synthesizes type τ. The “I” on the turnstile stands for “impartial”.

Connective-independent rules. Rules Ivar and Ifixvar simply use assumptions stored in γ. Rule Ifix checks a fixed point fix u. e against type τ by introducing the assumption u ⊤⇒ τ and checking e against τ; its premise has valueness φ because even if e is a value, fix u. e is not (⊤ in the conclusion).

Rule Isub says that if e synthesizes τ then e checks against τ. For example, in the (ill-advised) fixed point expression fix u. u, the premise of Ifix tries to check u against τ, but Ifixvar derives a synthesis judgment, not a checking judgment: Isub bridges the gap.

Rule Ianno also mediates between synthesis and checking, in the opposite direction: if we can check an expression e against an annotated type τ, then (e : τ) synthesizes τ.

Introductions and eliminations. The rest of the rules are linked to type connectives. For easy reference, the figure shows each connective to the left of its introduction and elimination rules. We follow the recipe of Dunfield and Pfenning (2004): introduction rules check, and elimination rules synthesize. This recipe yields the smallest sensible set of rules, omitting some rules that are not absolutely necessary but can be useful in practice. For example, our rules never synthesize a type for an unannotated pair, because the pair is an introduction form.

Rule I+Elim follows the recipe, despite having a checking judgment in its conclusion: the connective being eliminated, +ᵉ, is synthesized (in the first premise).

Functions. Rule I→Intro introduces the type τ₁ →ᵉ τ₂. Its premise adds an assumption x valueness(ε)⇒ τ₁, where valueness(ε) is val if ε = V, and ⊤ if ε is N or is an evaluation-order variable a. This rule thereby encompasses both variables that will be substituted with values (valueness(ε) = val) and variables that might be substituted with non-values (valueness(ε) = ⊤). Applying a function of type τ₁ →ᵉ τ₂ yields something of type τ₂ regardless of ε, so I→Elim ignores ε.

Consistent with the usual definition of syntactic values, I→Intro’s conclusion has val, while I→Elim’s conclusion has ⊤.

In rule I→Elim the first premise has the connective to eliminate, so the first premise synthesizes (τ₁ →ᵉ τ₂). This provides the type τ₁, so the second premise is a checking judgment; it also provides τ₂, so the conclusion synthesizes.
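The following added example (Python; not code from the paper) implements the function fragment of these rules as a bidirectional checker: Ivar/Ifixvar, Ifix, Isub, Ianno, I1Intro, I→Intro with valueness(ε), I→Elim, and IДIntro with its value restriction. Where the paper’s IДElim nondeterministically picks an ε, this checker folds the choice into Isub and tries V, N and the order variables in scope until the instantiated type matches the type being checked against, which is one deterministic reading of “the annotation decides”. The tuple encodings, the class Ill, and the function names are this example’s own.

```python
# Added example (not from the paper): bidirectional checking for the
# function fragment of the impartial type system, with valueness.
# Types:  ("1",)  |  ("->", eps, t1, t2)  |  ("D", a, t)      (Дa. t)
# Terms:  ("unit",) | ("var", x) | ("lam", x, e) | ("app", e1, e2)
#         | ("fix", u, e) | ("ann", e, t)
UNIT = ("1",)
VAL, TOP = "val", "T"                      # valueness, val ⊑ T


def arrow(eps, t1, t2):
    return ("->", eps, t1, t2)


def forall_order(a, t):
    return ("D", a, t)


def valueness(eps):
    """valueness(V) = val; N or an evaluation-order variable gives T."""
    return VAL if eps == "V" else TOP


def subst(t, a, eps):
    """[eps/a]t on the evaluation-order decorations."""
    if t[0] == "->":
        _, e, t1, t2 = t
        return ("->", eps if e == a else e, subst(t1, a, eps), subst(t2, a, eps))
    if t[0] == "D":
        return t if t[1] == a else ("D", t[1], subst(t[2], a, eps))
    return t


class Ill(TypeError):
    """Raised when no rule applies."""


def check(ctx, e, t):
    """γ ⊢ e φ⇐ t: returns φ. ctx maps variables to (type, valueness)
    and evaluation-order variables to the string 'evalorder'."""
    if t[0] == "D":                                    # IДIntro (value restriction)
        phi = check({**ctx, t[1]: "evalorder"}, e, t[2])
        if phi != VAL:
            raise Ill("IДIntro needs a value subject")
        return VAL
    if e[0] == "lam" and t[0] == "->":                 # I→Intro
        _, x, body = e
        _, eps, t1, t2 = t
        check({**ctx, x: (t1, valueness(eps))}, body, t2)
        return VAL
    if e[0] == "unit" and t == UNIT:                   # I1Intro
        return VAL
    if e[0] == "fix":                                  # Ifix: never a value
        check({**ctx, e[1]: (t, TOP)}, e[2], t)
        return TOP
    s, phi = synth(ctx, e)                             # Isub
    if s == t:
        return phi
    if s[0] == "D":                                    # IДElim, choosing ε to fit
        orders = ["V", "N"] + [k for k, v in ctx.items() if v == "evalorder"]
        if any(subst(s[2], s[1], eps) == t for eps in orders):
            return phi
    raise Ill(f"cannot check {e} against {t}")


def synth(ctx, e):
    """γ ⊢ e φ⇒ t: returns (t, φ)."""
    if e[0] == "var":                                  # Ivar / Ifixvar
        return ctx[e[1]]
    if e[0] == "ann":                                  # Ianno
        return e[2], check(ctx, e[1], e[2])
    if e[0] == "app":                                  # I→Elim: ε is ignored
        t1, _ = synth(ctx, e[1])
        if t1[0] != "->":
            raise Ill("applying a non-function")
        check(ctx, e[2], t1[2])
        return t1[3], TOP
    raise Ill(f"{e[0]} is an introduction form in an elimination position: annotate it")


def demo():
    """Outcomes for four constructed programs."""
    ident = ("lam", "x", ("var", "x"))
    poly = forall_order("a", arrow("a", UNIT, UNIT))   # Дa. 1 →ᵃ 1
    out = {}
    out["annotated_app"] = synth({}, ("app", ("ann", ident, arrow("V", UNIT, UNIT)), ("unit",)))
    try:                                               # unannotated redex (λx. x) @ ()
        synth({}, ("app", ident, ("unit",)))
        out["bare_redex"] = "accepted"
    except Ill:
        out["bare_redex"] = "rejected"
    out["poly_id"] = check({}, ident, poly)            # λ is a value: IДIntro succeeds
    out["poly_at_N"] = check({}, ("ann", ident, poly), arrow("N", UNIT, UNIT))
    try:                                               # fix u. u is not a value
        check({}, ("fix", "u", ("var", "u")), poly)
        out["fix_poly"] = "accepted"
    except Ill:
        out["fix_poly"] = "rejected"
    return out
```

Running demo() shows the four behaviours the text describes: the annotated redex synthesizes 1 with valueness ⊤ (I→Elim’s conclusion), the bare redex is rejected, the order-polymorphic identity checks and can be used at →ᴺ, and a fixed point cannot be given a Д type because its valueness is ⊤.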

Products. Rule I*Intro types a value if and only if both e₁ and e₂ are typed as values, so its conclusion has valueness φ₁ ⊔ φ₂.

Sums. Rule I+Introₖ is straightforward. In rule I+Elim the assumptions added to γ in the branches say that x₁ and x₂ are values (val), because our by-name sum type is “by-name” on the outside. This point should become more clear when we see the translation of types into the economical system.

Recursive types. Rules IμIntro and IμElim have the same e in the premise and conclusion, without explicit “roll” and “unroll” constructs. In a non-bidirectional type inference system, this would be awkward since the expression doesn’t give direct clues about when to apply these rules. In this bidirectional system, the type tells us to apply IμIntro (since its conclusion is a checking judgment). Knowing when to apply IμElim is more subtle: we should try to apply it whenever we need to synthesize some other type connective. For instance, the first premise of I+Elim needs a +, so if we synthesize a μ-type we should apply IμElim in the hope of exposing a +.

The lack of explicit [un]rolls suggests that these are not iso-recursive but equi-recursive types (Pierce 2002, chapter 20). However, we don’t semantically equate a recursive type with its unfolding, so perhaps they should be called implicitly iso-recursive.

Note that an implementation would need to check that the type under the μ is guarded by a type connective that does have explicit constructs, to rule out types like μᵉα. α, which is its own unfolding and could make the typechecker run in circles.

Explicit type polymorphism. In contrast to recursive types, we explicitly introduce and eliminate type polymorphism via the expressions Λα. e and e[τ]. This guarantees that a ∀ can be instantiated with a type containing a particular evaluation order if and only if such a type appears in the source program.

Principality. Suppose γ ⊢ᴵ e₁ φ⇒ Дa. τ₁ →ᵃ τ₂. Then, for any ε, we can derive γ ⊢ᴵ e₁ @ e₂ ⊤⇒ [ε/a]τ₂. But we can’t use IДIntro to derive the type Дa′. [a′/a]τ₂, because e₁ @ e₂ is not a value. The only sense in which this expression has a principal type is if we have an evaluation-order variable in γ that we can substitute for a.

2.3 Programming with Polymorphic Evaluation Order 

Lists and streams. The impartial type system can express lists and (potentially terminating) streams in a single declaration:

type List a α = μᵃβ. (1 +ᵃ (α *ᵃ β))

Choosing a = V yields μᵛβ. (1 +ᵛ (α *ᵛ β)), which is the type of lists of elements α. Choosing a = N yields μᴺβ. (1 +ᴺ (α *ᴺ β)), which is the type of streams that may end—essentially, lazy lists. Since evaluation order is implicit in source expressions, we can write operations on List a α that work for lists and streams:

map : Дa. ∀α. (α →ᵛ β) →ᵛ (List a α) →ᵛ (List a β)
    = Λα. fix map. λf. λxs.
        case(xs, x₁. inj₁ (),
                 x₂. inj₂ (f @ (proj₁ x₂), map @ f @ (proj₂ x₂)))

This sugar-free syntax bristles; in an implementation with conveniences like pattern-matching on tuples and named constructors, we could write

map f xs : Дa. ∀α. (α →ᵛ β) → (List a α) → (List a β)
    = case xs of Nil ⇒ Nil
                | Cons(hd, tl) ⇒ Cons(f hd, map f tl)

Note that, except for the type, this is standard code for map.

Figure 4. Impartial bidirectional typing for the source language (the rules themselves are not reproduced here; the visible fragments name the rules I∀Intro, I+Elim and IμElim, the latter concluding γ ⊢ᴵ e φ⇒ [(μᵉα. τ)/α]τ)
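As an added example (Python; not code from the paper), here is what the single source definition of map becomes once elaborated to a call-by-value target, with “multiple versions of functions generated and selected explicitly”, as the introduction puts it. The representation separates the order on the spine (the μ/+ connectives) from the order on the element (the *), so the mixed variants described in the introduction, strict spine with lazy elements and lazy spine with strict elements, are instances of the same code. Thunk, suspend, force, Cons, from_items, naturals, make_map, length and take are this example’s own names; from_items builds constructed sample input.

```python
# Added example (not from the paper): an elaborated, call-by-value
# representation of List a α = μ^a β. (1 +^a (α *^a β)), with the order on
# the spine (μ/+) and on the element (*) chosen separately.
from typing import Any, Callable, Optional


class Thunk:
    """N-suspension: an expression delayed until forced (not memoised)."""
    def __init__(self, compute: Callable[[], Any]) -> None:
        self.compute = compute


def suspend(eps: str, expr: Callable[[], Any]) -> Any:
    """eps suspend S: a thunk when eps = N, the value itself when eps = V."""
    return Thunk(expr) if eps == "N" else expr()


def force(x: Any) -> Any:
    """Eliminate a suspension; a plain (V) value forces to itself."""
    return x.compute() if isinstance(x, Thunk) else x


NIL = None          # inj1 ()


class Cons:
    """inj2 (hd, tl): hd is suspended iff the element order is N;
    tl is a List at the spine order (itself a Thunk when that order is N)."""
    __slots__ = ("hd", "tl")

    def __init__(self, hd: Any, tl: Any) -> None:
        self.hd, self.tl = hd, tl


def from_items(spine: str, elem: str, items: list,
               on_elem: Optional[Callable[[Any], None]] = None) -> Any:
    """Constructed input: a List a α at the given orders. on_elem is called
    whenever an element is actually computed, so forcing can be observed."""
    def build(i: int) -> Any:
        def cell() -> Any:
            if i == len(items):
                return NIL

            def element() -> Any:
                if on_elem:
                    on_elem(items[i])
                return items[i]
            return Cons(suspend(elem, element), build(i + 1))
        return suspend(spine, cell)
    return build(0)


def naturals(elem: str, start: int = 0) -> Any:
    """An unbounded stream: only meaningful with a by-name (N) spine."""
    return Thunk(lambda: Cons(suspend(elem, lambda: start),
                              naturals(elem, start + 1)))


def make_map(spine: str, elem: str) -> Callable[[Callable, Any], Any]:
    """The one source definition of map, elaborated at a fixed choice of a."""
    def map_(f: Callable, xs: Any) -> Any:
        def cell() -> Any:
            c = force(xs)                          # eliminate the spine suspension
            if c is NIL:
                return NIL
            hd = suspend(elem, lambda: f(force(c.hd)))
            return Cons(hd, map_(f, c.tl))         # recursion is eager iff spine = V
        return suspend(spine, cell)
    return map_


def length(xs: Any) -> int:
    """Walk the spine only; never forces an element."""
    n, c = 0, force(xs)
    while c is not NIL:
        n, c = n + 1, force(c.tl)
    return n


def take(xs: Any, n: int) -> list:
    """Force at most n elements, in order, into a Python list."""
    out, c = [], force(xs)
    while c is not NIL and len(out) < n:
        out.append(force(c.hd))
        c = force(c.tl)
    return out
```

With a V spine and N elements, length walks a fully built list without computing a single element (linear time, as the introduction claims for strict “next pointers”); with an N spine and V elements, nothing is built until the spine is walked, and each cell forced during the walk yields its element immediately. With both orders N, the same map_ runs over the unbounded stream naturals and take stops after the requested prefix.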

Even this small example raises interesting questions:

• Must all the connectives in List have a? No. Putting a on either the μ or the + and writing V on the other connectives is enough to get stream behaviour when a is instantiated with N: the only reason to eliminate (unroll) the μ is to eliminate (case on) the +; marking either connective will suspend the underlying computation. Marking both μ and + induces a suspension of a suspension, where forcing the outer suspension immediately forces the inner one; one of the suspensions is superfluous.

Note that marking only * with a, that is, μᵛβ. (1 +ᵛ (α *ᵃ β)), yields an “odd” data structure (Wadler et al. 1998), one that is not entirely lazy: we know immediately—without forcing a thunk—which injection we have (i.e. whether we have Nil or Cons).

• What evaluation orders should we use in the type of map? We used by-value (→ᵛ), but we could use the same evaluation order as the list: Дa. ∀α. (α →ᵃ β) →ᵃ (List a α) →ᵃ (List a β). This essentially gives “ML-ish” behaviour when a = V, and “Haskell-ish” behaviour when a = N. The type system, however, permits other variants—even the outlandishly generic

$$\text{Д}a_1, a_2, a_3, a_4, a_5.\ \forall\alpha.\ (\alpha \to^{a_1} \beta) \to^{a_2} (\mathrm{List}\ a_3\ \alpha) \to^{a_4} (\mathrm{List}\ a_5\ \beta)$$

We leave deeper investigation of these questions to future work: our purpose, in this paper, is to develop the type systems that make such questions matter.


Variations in being odd and even. The Standard ML type of “streams in odd style” (Wadler et al. 1998, Fig. 1), given by

datatype α stream = Nil | Cons of α * α stream susp

where α stream susp is the type of a thunk that yields an α stream, can be represented as the impartial type μᵛβ. (1 +ᵛ (α *ᵛ (μᴺγ. β))). Note the slightly awkward (μᴺγ. β), in which γ doesn’t occur; we can’t simply write μᴺβ on the outside, because that would suspend the entire sum. (In the economical type system in Section 3 it’s easy to put the suspension in either position.) This type differs subtly from another “odd” stream type, μᵛβ. (1 +ᵛ (α *ᴺ β)), which corresponds to the SML type

datatype α stream = Nil | Cons of (α * α stream) susp

Here, the contents α are under the suspension; given a value of this type, we immediately know whether we have Nil or Cons, but we must force a thunk to see what the value is, which will also reveal whether the tail is Nil or Cons.

We can also encode “streams in even style” (Wadler et al. 1998, Fig. 2): the SML declarations

datatype α stream' = Nil' | Cons' of α * α stream
withtype α stream = α stream' susp

correspond to μᴺβ. (1 +ᵛ (α *ᵛ β)), with the N on μ playing the role of the withtype declaration.

Wadler et al. (1998) note that “streams in odd style” can be encoded with ease in SML, while “streams in even style” can be encoded with difficulty (see their Figure 2). In the impartial type system, both encodings are straightforward, and we would only need to write one (polymorphic) version of each of their functions over streams.
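The difference between the two styles is easiest to see on a concrete run. The added example below (Python; not code from the paper or from Wadler et al.) writes both stream types with explicit thunks, i.e. in their elaborated form, and counts how many times the mapped function is applied. In the odd style, μᵛβ. (1 +ᵛ (α *ᵛ (μᴺγ. β))), the head of a cell is strict, so building a mapped stream already applies the function once even if no element is ever consumed; in the even style, μᴺβ. (1 +ᵛ (α *ᵛ β)), the whole cell is suspended and nothing is computed until the consumer forces it. The names odd_from, odd_map, odd_take, even_from, even_map, even_take and count_applications are this example’s own.

```python
# Added example (not from the paper): odd-style and even-style streams in
# elaborated (explicit-thunk) form, with a counter on the mapped function.
from typing import Any, Callable, Tuple


class Thunk:
    def __init__(self, compute: Callable[[], Any]) -> None:
        self.compute = compute


def force(x: Any) -> Any:
    return x.compute() if isinstance(x, Thunk) else x


NIL = None


class Cons:
    __slots__ = ("hd", "tl")

    def __init__(self, hd: Any, tl: Any) -> None:
        self.hd, self.tl = hd, tl


# odd style: Cons of α * α stream susp  -- the head is computed eagerly
def odd_from(n: int, produce: Callable[[int], Any]) -> Any:
    return Cons(produce(n), Thunk(lambda: odd_from(n + 1, produce)))


def odd_map(f: Callable, s: Any) -> Any:
    if s is NIL:
        return NIL
    return Cons(f(s.hd), Thunk(lambda: odd_map(f, force(s.tl))))   # f(s.hd) runs now


def odd_take(s: Any, k: int) -> list:
    out = []
    while s is not NIL and len(out) < k:
        out.append(s.hd)
        s = force(s.tl) if len(out) < k else NIL     # only force what is needed
    return out


# even style: the whole cell sits under a suspension
def even_from(n: int, produce: Callable[[int], Any]) -> Any:
    return Thunk(lambda: Cons(produce(n), even_from(n + 1, produce)))


def even_map(f: Callable, s: Any) -> Any:
    def cell() -> Any:
        c = force(s)
        return NIL if c is NIL else Cons(f(c.hd), even_map(f, c.tl))
    return Thunk(cell)                                 # nothing runs until forced


def even_take(s: Any, k: int) -> list:
    out = []
    while len(out) < k:
        c = force(s)
        if c is NIL:
            break
        out.append(c.hd)
        s = c.tl
    return out


def count_applications(style: str, k: int) -> Tuple[list, int, int]:
    """Map square over the naturals in the given style and take k elements.
    Returns (elements taken, applications of square when the mapped stream
    was built, applications of square in total)."""
    calls = {"n": 0}

    def square(x: int) -> int:
        calls["n"] += 1
        return x * x

    if style == "odd":
        s = odd_map(square, odd_from(0, lambda n: n))
        built = calls["n"]
        taken = odd_take(s, k)
    elif style == "even":
        s = even_map(square, even_from(0, lambda n: n))
        built = calls["n"]
        taken = even_take(s, k)
    else:
        raise ValueError(style)
    return taken, built, calls["n"]
```

count_applications("odd", 0) reports one application of square although zero elements were requested: the odd style is always one element ahead of its consumer. count_applications("even", 0) reports none. For k = 3 both styles end at three applications, so the styles agree on what is eventually computed and differ only in when.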
Source values              v  ::= () | λx. e | (v₁, v₂) | injₖ v

By-value eval. contexts    Cᵥ ::= [] | Cᵥ @ e₂ | v₁ @ Cᵥ | (Cᵥ, e₂) | (v₁, Cᵥ)
                                | projₖ Cᵥ | injₖ Cᵥ | case(Cᵥ, x₁.e₁, x₂.e₂)

By-name eval. contexts     Cₙ ::= [] | Cₙ @ e₂ | e₁ @ Cₙ | (Cₙ, e₂) | (e₁, Cₙ)
                                | projₖ Cₙ | injₖ Cₙ | case(Cₙ, x₁.e₁, x₂.e₂)

Source expression e steps to e′ (e ⇝ e′):

$$\frac{e \leadsto_{RV} e'}{C_V[e] \leadsto C_V[e']}\ \text{SrcStepCtxV}
\qquad
\frac{e \leadsto_{RN} e'}{C_N[e] \leadsto C_N[e']}\ \text{SrcStepCtxN}$$

e reduces to e′ by value (e ⇝RV e′) and by name (e ⇝RN e′):

(λx. e₁) @ v₂ ⇝RV [v₂/x]e₁                         βVreduce
(λx. e₁) @ e₂ ⇝RN [e₂/x]e₁                         βNreduce
fix u. e ⇝RV [(fix u. e)/u]e                        fixVreduce
fix u. e ⇝RN [(fix u. e)/u]e                        fixNreduce
projₖ (v₁, v₂) ⇝RV vₖ                               projVreduce
projₖ (e₁, e₂) ⇝RN eₖ                               projNreduce
case(injₖ v, x₁.e₁, x₂.e₂) ⇝RV [v/xₖ]eₖ             caseVreduce
case(injₖ e, x₁.e₁, x₂.e₂) ⇝RN [e/xₖ]eₖ             caseNreduce

Figure 5. Source reduction


Source expression e erases to e′:   er(e) = e′

er(Λα. e)    = er(e)
er(())       = ()
er(e[S])     = er(e)
er(x)        = x
er((e : S))  = er(e)
er(e₁ @ e₂)  = er(e₁) @ er(e₂)
etc.

Figure 6. Erasing types from source expressions


Binary trees. As with lists, we can define evaluation-order-polymorphic trees:

type Tree a α = μᵃβ. (1 +ᵛ (α *ᵛ β *ᵛ β))

Here, only μ is polymorphic in a, to suppress redundant thunks.

2.4 Operational Semantics for the Source Language 

A source expression takes a step if a subterm in evaluation posi¬ 
tion can be reduced. We want to model by-value computation and 
by-name computation, so we define the source stepping relation -w 
usings two notions of evaluation position and two notions of reduc¬ 
tion. A by-value evaluation context Cv is an expression with a hole 
[], where Cv[e] is the expression with e in place of the []. If e re¬ 
duces by value to e ', written e -^rv e', then Cv[e] Cy[e'}. For 
example, if e 2 ~->rv e 2 then Vi @ e 2 ^ Vi @ e 2 , because Vi @ [ ] 
is a by-value evaluation context. 


Dually, Cm[c] Cn[ e , ] if e ~>rm e'. Every by-value context 

is a by-name context, and every pair related by ~->rv is also related 
by ~~>rn, but the converses do not hold. For instance, ei @ [] is a 
Cn but not a Cv, and proj 2 (ei , e 2 ) ~>rm e 2 , but proj 2 (ei , e 2 ) 
reduces by value only when ei and e 2 are values. 

Values, by-value evaluation contexts Cv, by-name evaluation 
contexts Cn, and the relations ■wrv and ^rn are defined in 


Figure [5] The definitions of v, Cv and ^rv, taken together, are 
standard for call-by-value; the definitions of Cn and ~>rn are stan¬ 
dard for call-by-name. The peculiarity is that can behave either 
by value (rule|SrcStepCtxV} or by name (rule|SrcStepCtxN}. 

We assume that the expressions being reduced have been erased 
(Figure[6]i, so we omit a rule for reducing annotations. Alternatives 
are discussed in Section lfTTI 

2.5 Value Restriction 

Our calculus excludes effects such as mutable references; however, to allow it to serve as a basis for larger languages, we impose a value restriction on certain introduction rules. Without this restriction, the system would be unsound in the presence of mutable references. Following Wright (1995), the rule ∀Intro requires that its subject be a value, as in Standard ML (Milner et al. 1997). A similar value restriction is needed for intersection types (Davies and Pfenning 2000). The following example shows the need for the restriction on Π:

let r : ref (Πa. τ →^a τ) = ref f in
r := g; h(!r)

Assume we have f : Πa. τ →^a τ and g : τ →^N τ and h : (τ →^V τ) → τ. By a version of ΠIntro that doesn't require its subject to be a value, we have r : Πa. ref (τ →^a τ). By ΠElim with N for a, we have r : ref (τ →^N τ), making the assignment r := g well-typed. However, by ΠElim with V for a, we have r : ref (τ →^V τ).

It follows that the dereference !r has type τ →^V τ, so !r can be passed to h. But !r = g is actually call-by-name. If h = λx. x(e2), we should be able to assume that e2 will be evaluated exactly once, but x = g is call-by-name, violating this assumption.

If we think of Π as an intersection type, so that r has type (τ →^V τ) ∧ (τ →^N τ), the example and argument closely follow Davies and Pfenning (2000) and, in turn, Wright (1995). (For union types, a similar problem arises, which can be solved by a dual solution: restricting the union-elimination rule to evaluation contexts (Dunfield and Pfenning 2003).)

2.6 Subtyping and q-Expansion 

Systems with intersection types often include subtyping. The strength of subtyping in intersection type systems varies, from syntactic approaches that emphasize simplicity (e.g. Dunfield and Pfenning 2003) to semantic approaches that emphasize completeness (e.g. Frisch et al. 2002). Generally, subtyping, at minimum, allows intersections to be transparently eliminated even at higher rank (that is, to the left of an arrow), so that the following function application is well-typed:

f : ((τ1 ∧ τ1') → τ2) → τ3, g : (τ1 → τ2) ⊢ f g : τ3

Through a subsumption rule, g : (τ1 → τ2) checks against type (τ1 ∧ τ1') → τ2, because a function that accepts all values of type τ1 should also accept all values that have type τ1 and type τ1'.

Using the analogy between intersection and Π, in our impartial type system, we might expect to derive

f : ((Πa. τ1 →^a τ1) → τ2) → τ3, g : (τ1 →^N τ1) → τ2 ⊢ f g : τ3

Here, f asks for a function of type (Πa. τ1 →^a τ1) → τ2, which works on all evaluation orders; but g's type (τ1 →^N τ1) → τ2 says that g calls its argument only by name.

For simplicity, this paper excludes subtyping: our type system does not permit this derivation. But it would be possible to define a subtyping system, and incorporate subtyping into the subsumption rule Esub, thereby treating Π similarly to ∀ (Dunfield and Krishnaswami 2013), or by treating Π as an intersection type (Dunfield and Pfenning 2003). A simple subtyping system could be derived from the typing rules that are stationary, where the premises type the same expression as the conclusion (Leivant 1986). For example,
ΠElim corresponds to

       Γ ⊢ ε evalorder
  ---------------------------- ΠLeft
  Γ ⊢ (Πa. τ) ≤ [ε/a]τ

Alternatively, η-expansion can substitute for subtyping: even without subtyping and a subsumption rule, we can derive

f : ((Πa. τ1 →^a τ1) → τ2) → τ3,
g : (τ1 →^N τ1) → τ2 ⊢ f (λx. g x) : τ3

This idea, developed by Barendregt et al. (1983), can be automated; see, for example, Dunfield (2014).

3. Economical Type System

The impartial type system directly generalizes a call-by-value system and a call-by-name system, but the profusion of connectives is unwieldy, and impartiality doesn't fit a standard operational semantics. Instead of elaborating the impartial system into our target language, we pause to develop an economical type system whose standard connectives (→, *, +, μ) are by-value, but with a suspension point ε▸S to provide by-name behaviour. This intermediate system yields a straightforward elaboration. It also constitutes an alternative source language that, while biased towards call-by-value, conveniently allows call-by-name and evaluation-order polymorphism.

In the grammar in Figure 8, the economical types S are obtained from the impartial types τ by dropping all the ε decorations and adding a connective ε▸S (read "ε suspend S"). When ε is V, this connective is a no-op: elaborating e at type V▸S and at type S yield the same term. But when ε is N, elaborating e at type N▸S is like elaborating e at type 1 → S.

In economical typing contexts Γ, variables x denote values, so we replace the assumption form x φ⇒ τ with x : S. Similarly, we replace u ⊤⇒ τ with u : S.

Dropping ε decorations means that, apart from the valueness annotations, most of the economical rules in Figure 8 look fairly standard. The only new rules are for suspension points ε▸, halfway down Figure 8. It would be nice to have only two rules (an introduction and an elimination), but we need to track whether e is a value, which depends on the ε in ε▸S: if we introduce the type N▸S, then e will be elaborated to a thunk, which is a value; if we are eliminating N▸S, the elaboration of e will have the form force ..., which (like function application) is not a value.

⌊τ⌋ = S   Impartial type τ translates to economical type S

  ⌊1⌋ = 1                                      ⌊Πa. τ⌋ = Πa. ⌊τ⌋
  ⌊τ1 →^ε τ2⌋ = (ε▸⌊τ1⌋) → ⌊τ2⌋                ⌊μ^ε α. τ⌋ = μα. ε▸⌊τ⌋
  ⌊τ1 +^ε τ2⌋ = ε▸(⌊τ1⌋ + ⌊τ2⌋)                ⌊∀α. τ⌋ = ∀α. ⌊τ⌋
  ⌊τ1 *^ε τ2⌋ = (ε▸⌊τ1⌋) * (ε▸⌊τ2⌋)            ⌊α⌋ = α

⌊γ⌋ = Γ   Impartial context γ translates to economical context Γ

  ⌊·⌋ = ·                                      ⌊γ, a evalorder⌋ = ⌊γ⌋, a evalorder
  ⌊γ, α type⌋ = ⌊γ⌋, α type                    ⌊γ, x val⇒ τ⌋ = ⌊γ⌋, x : ⌊τ⌋
  ⌊γ, u ⊤⇒ τ⌋ = ⌊γ⌋, u : ⌊τ⌋                   ⌊γ, x ⊤⇒ τ⌋ = ⌊γ⌋, x : N▸⌊τ⌋

⌊e⌋ = e'   Expression e with τ-annotations translates to expression e' with S-annotations

  ⌊(e:τ)⌋ = (⌊e⌋ : ⌊τ⌋)
  ⌊e[τ]⌋ = ⌊e⌋[⌊τ⌋]
  ⌊e1 @ e2⌋ = ⌊e1⌋ @ ⌊e2⌋
  etc.

Figure 7. Type translation into the economical language

3.1 Translating to Economical Types

To relate economical types to impartial types, we define a type translation ⌊τ⌋ = S that inserts suspension points (Figure 7). Given an impartially-typed source program e of type τ, we can show that ⌊e⌋ has the economical type ⌊τ⌋ (Theorem 1).

Some parts of the translation are straightforward. Functions τ1 →^ε τ2 are translated to (ε▸⌊τ1⌋) → ⌊τ2⌋ because when ε = N, we get the expected type (N▸⌊τ1⌋) → ⌊τ2⌋ of a call-by-name function.

We are less constrained in how to translate other connectives:

• We could translate τ1 +^ε τ2 to (ε▸⌊τ1⌋) + (ε▸⌊τ2⌋). But then 1 +^N 1, presumably intended as a non-strict boolean type, would be translated to (N▸1) + (N▸1), which exposes which injection was used (whether the boolean is true or false) without forcing the (spurious) thunk around the unit value. Thus, we instead place the thunk around the entire sum, so that 1 +^N 1 translates to N▸(1 + 1).

• We could translate τ1 *^ε τ2 to ε▸(⌊τ1⌋ * ⌊τ2⌋), which corresponds to how we decided to translate sum types. Instead, we translate it to (ε▸⌊τ1⌋) * (ε▸⌊τ2⌋), so that, when ε = N, we get a pair of thunks; accessing one component of the pair (by forcing its thunk) won't cause the other component to be forced.

• Finally, in translating μ^ε α. τ, we could put a suspension on each occurrence of α in τ, rather than a single suspension on the outside of τ. Since τ is often a sum type, writing +^ε already puts a thunk on τ; we don't need a thunk around a thunk. But by the same token, suspensions around the occurrences of α can also lead to double thunks: translating the type of lazy natural numbers μ^N α. (1 +^N α) would give μα. (N▸(1 + N▸α)), which expands to N▸(1 + N▸N▸(1 + ...)).

The rationales for our translation of products and recursive types are less clear than the rationale for sum types; it's possible that different encodings would be preferred in practice.

The above translation does allow programmers to use the alternative encodings, though awkwardly. For example, a two-thunk variant of τ1 *^ε τ2 can be obtained by writing (μ^ε β. τ1) *^V (μ^ε β. τ2), where β doesn't occur; the only purpose of μ here is to insert a suspension. (This suggests a kind of ill-founded argument for our chosen translation of μ: it enables us to insert suspensions, albeit awkwardly.)
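As an added illustration (this is not code from the paper), the following Python function implements the type translation ⌊τ⌋ of Figure 7 and the three design choices just discussed. Types are tuples, an evaluation order ε is 'V', 'N' or the name of a Π-bound variable, and a `sums` switch selects either the paper's encoding of sums (thunk around the whole sum) or the per-injection alternative the text rejects, so the two translations of 1 +^N 1 can be compared directly.

```python
# Added example (not from the paper): the impartial-to-economical type
# translation of Figure 7.  Impartial types are tuples such as
# ('arrow', eps, t1, t2), ('sum', eps, t1, t2), ('prod', eps, t1, t2),
# ('mu', eps, alpha, t), ('pi', a, t), ('forall', alpha, t), ('unit',), ('tvar', a).
# Economical types use ('susp', eps, S) for ε▸S and drop the ε decorations.

UNIT = ('unit',)

def translate(t, sums='whole'):
    """⌊τ⌋ = S.  sums='whole' is the paper's choice (thunk around the entire sum);
    sums='each' is the alternative (ε▸⌊τ1⌋) + (ε▸⌊τ2⌋) that the paper rejects."""
    tag = t[0]
    if tag in ('unit', 'tvar'):
        return t
    if tag == 'arrow':                       # ⌊τ1 →^ε τ2⌋ = (ε▸⌊τ1⌋) → ⌊τ2⌋
        _, eps, t1, t2 = t
        return ('arrow', ('susp', eps, translate(t1, sums)), translate(t2, sums))
    if tag == 'prod':                        # ⌊τ1 *^ε τ2⌋ = (ε▸⌊τ1⌋) * (ε▸⌊τ2⌋): a pair of thunks
        _, eps, t1, t2 = t
        return ('prod', ('susp', eps, translate(t1, sums)),
                        ('susp', eps, translate(t2, sums)))
    if tag == 'sum':
        _, eps, t1, t2 = t
        s1, s2 = translate(t1, sums), translate(t2, sums)
        if sums == 'each':                   # rejected: exposes the injection without forcing
            return ('sum', ('susp', eps, s1), ('susp', eps, s2))
        return ('susp', eps, ('sum', s1, s2))   # ⌊τ1 +^ε τ2⌋ = ε▸(⌊τ1⌋ + ⌊τ2⌋)
    if tag == 'mu':                          # ⌊μ^ε α. τ⌋ = μα. ε▸⌊τ⌋: one suspension outside τ
        _, eps, alpha, body = t
        return ('mu', alpha, ('susp', eps, translate(body, sums)))
    if tag in ('pi', 'forall'):              # ⌊Πa. τ⌋ = Πa. ⌊τ⌋ and ⌊∀α. τ⌋ = ∀α. ⌊τ⌋
        return (tag, t[1], translate(t[2], sums))
    raise ValueError(f'unknown impartial type: {t}')

def show(s):
    """Render an economical type in the paper's notation."""
    tag = s[0]
    if tag == 'unit':
        return '1'
    if tag == 'tvar':
        return s[1]
    if tag == 'susp':
        return f'{s[1]}▸{show(s[2])}'
    if tag == 'arrow':
        return f'({show(s[1])} → {show(s[2])})'
    if tag == 'prod':
        return f'({show(s[1])} * {show(s[2])})'
    if tag == 'sum':
        return f'({show(s[1])} + {show(s[2])})'
    if tag == 'mu':
        return f'μ{s[1]}. {show(s[2])}'
    if tag == 'pi':
        return f'Π{s[1]}. {show(s[2])}'
    return f'∀{s[1]}. {show(s[2])}'

# Constructed sample types from the discussion above.
BOOL_N = ('sum', 'N', UNIT, UNIT)                    # 1 +^N 1, a non-strict boolean
PAIR_N = ('prod', 'N', UNIT, UNIT)                   # 1 *^N 1
FUN_N = ('arrow', 'N', UNIT, UNIT)                   # 1 →^N 1, a call-by-name function
TWO_THUNK = ('prod', 'V', ('mu', 'N', 'β', UNIT),    # (μ^N β. 1) *^V (μ^N β. 1): the μ trick
                         ('mu', 'N', 'β', UNIT))
ID_PI = ('pi', 'a', ('arrow', 'a', UNIT, UNIT))      # Πa. 1 →^a 1

if __name__ == '__main__':
    for t in (BOOL_N, PAIR_N, FUN_N, TWO_THUNK, ID_PI):
        print(show(translate(t)))
    print(show(translate(BOOL_N, sums='each')))      # the rejected encoding
```

Running the module prints the paper's translations (for example `N▸(1 + 1)` for the boolean and `(N▸1 * N▸1)` for the product) followed by the rejected `(N▸1 + N▸1)`, which shows why a consumer of the per-injection encoding would learn the injection before forcing anything.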

3.2 Programming with Economical Types

We can translate the list/stream example from Section 2.3 to the economical system:

type List a α = μβ. a▸(1 + (α * β))

The body of map is the same; only the type annotation is different.

map : Πa. ∀α. (α → β) → (List a α) → (List a β)
    = Λα. fix map. λf. λxs.
        case(xs, x1.inj1 (),
                 x2.inj2 (f @ (proj1 x2), map @ f @ (proj2 x2)))

The above type for map corresponds to the impartial type with →^a. At the end of Section 2.3 we gave a very generic type for map, which we can translate to the economical system:

Π(a1, a2, a3, a4, a5). ∀α. a2▸((a1▸α) → β) → (a4▸(List a3 α)) → (List a5 β)
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Economical types S ::= 1 | a | Va. S | /]a. S | e^-S Econ. typing contexts F ::= ■ | F, x : S | F, u : S | F a evalorder | F, a type 

I Si —1 S 2 | Si * S 2 | Si + S 2 | pot. S Econ. source expressions e ::= .,.] Act. e | e [S ] | (e:S) 


r l-E e v /= s 
n- E e (p=^ s 


Source expression e checks against economical type S 
Source expression e synthesizes economical type S 


■ Evar 


(u:S) G T 


(x:S) € T 
F V E x va |=)> S r I- E U T = 

T, a type h E e val't— S 


V 


r h E Aa. e „ a i 4 = Va. S 


V S 

EVIntro 


Efixvar 


■ Efix 


r h E e ,,= 


T, u : S h E e jp4 
F h E (fix u. e) T ^= S ^ T h E e q, 

T h E e <p=^ Va. S F I— S , type 

---7-7-— EVElim 


Esub 


Fbe 


T h E (e:S) 


■ Eanno 


n Fa evalorder h E e va i4= S 
IX r L „ 1 c - E/] Intro 


r l- E e va i<(= //a. S 
F be <p<(= S 


F h E e[S'] <p=)> [S'/a]S 

F h E e ^= 7 - fla.S 


1 F h E () ua i4= 1 
The evalorder 


Ellntro 


T be <p=^ [e/a]S 


■ EflElim 


Ellntro 


7 -.^ T be ip<^= e^-S 

rh E e val <NN^S 

F x : Si h E e S 2 
T h E (Ax. e) va i<(= (Si —» S 2 ) 

T h E e, cp,^=Si F h E e 2 tp 7 \ . 

^ - 

T h E (ei , ex) tp, ucp 2 4= (Si * S 2 ) 


F l- E e 


V^S 


r l-E e 


E^EI imv 


r h E e (p=r- e^-S 
F l- E e S 


|E»-Elim e | 


S 2 


T l- E ei cp, =)• (Si —» S2) r h E e2 tpj^ Si 

-^^1-x--- E— >Elim 

F h E (ei @ e2) t =¥ S2 

T l- E e <p=)> (Si * S2) 

- E* Eh 


■ F I - E e cp^= Sk 

+ r |_ T- • -i- Z"7c -—TT E + Intr °k 

r l- E (mjk e) jp4= (Si + S 2 ) 

T he <p<(= [(pa. S)/al S 

U -FT^- ~Z - q— E ^ lntro 

T l- E e (p<#= pa. S 


E*lntro —— --— ; ---— 

T |- E (projk e) t=^ Sk 

F,xi : Si He ei <p, 
F I - e e ^0=7- (Si + S2) F x 2 : S2 l- E e2 V2 
T h E case(e, xi .ei , X2.e2) t^= S 

r I— e e ;p=l> pa. S 
F h E e T ^ [(pa. S)/a] S * 


E+Elir 


Figure 8 . Economical bidirectional typing 


This type might not look economical, but makes redundant suspensions more evident: List a3 α is μ···. a3▸···, so the suspension controlled by a4 is never useful, showing that a4 is unnecessary.

3.3 Economizing

The main result of this section is that impartial typing derivations can be transformed into economical typing derivations. The proof (Dunfield 2015, Appendix B.3) relies on a lemma that converts typing assumptions with V▸S' to assumptions with S'.

Theorem 1 (Economizing).

(1) If γ ⊢I e φ ⇒ τ then ⌊γ⌋ ⊢E ⌊e⌋ φ ⇒ ⌊τ⌋.

(2) If γ ⊢I e φ ⇐ τ then ⌊γ⌋ ⊢E ⌊e⌋ φ ⇐ ⌊τ⌋.

4. Target Language

Our target language (Figure 9) has by-value →, *, + and μ connectives, ∀, and a U connective (for thunks).

The ∀ connective has explicit introduction and elimination forms Λ_. M and M[_]. This "type-free" style is a compromise between having no explicit forms for ∀ and having explicit forms that contain types (Λα. M and M[A]). Having no explicit forms would complicate some proofs; including the types would mean that target terms contain types, giving a misleading impression that operational behaviour is influenced by types.

The target language also has an explicit introduction form roll M and elimination form unroll M for μ types.

As with ∀, we distinguish thunks to simplify some proofs: source expressions typed with the N▸ connective are elaborated to thunk M, rather than to a λ with an unused bound variable.


Target terms      M ::= () | x | λx. M | M1 M2
                      | u | fix u. M | Λ_. M | M[_]
                      | thunk M | force M
                      | (M1, M2) | proj_k M
                      | inj_k M | case(M, x1.M1, x2.M2)
                      | roll M | unroll M

Values            W ::= () | x | λx. M | Λ_. M
                      | thunk M | (W1, W2)
                      | inj_k W | roll W

Valuables         V ::= () | x | λx. M | Λ_. V | V[_]
                      | thunk M | (V1, V2)
                      | proj_k V | inj_k V | roll V | unroll V

Eval. contexts    C ::= [ ] | C M2 | W1 C | C[_] | force C
                      | (C, M2) | (W1, C) | proj_k C
                      | inj_k C | case(C, x1.M1, x2.M2)
                      | roll C | unroll C

Target types      A, B ::= 1 | α | ∀α. A | A1 → A2 | U A1
                         | A1 * A2 | A1 + A2 | μα. A

Typing contexts   G ::= · | G, x : A | G, α type

Figure 9. Syntax of the target language


Dually, eliminating N▸ results in a target term force M, rather than M ().

4.1 Typing Rules

Figure 10 shows the typing rules for our target language. These are standard except for the T∀Intro rule and the rules for thunks:
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G b T M • A 

Target term M 

—-t —- Tllntro 

MuM' 


has target type A 

G bx 0 : 1 


(x: A) € G 
G bx x : A 


Tvar 


(u : A) € G 
G I - x tr; A 


Tfixvar 


G, u : A hx e : A 
G b T (fix u. e) : A 


Tfix 


W —4——— -TVIntro 

v Gh T A_. V : Vet. A 

G,x : A b T M : B 


G b T M : Vet. A 
G b A ' type 

G l T M[_] : [A'/a]A 


TVElim 


u 


G hr (Ax. M) : A->B 

G b T M : B 
G \~j thunkM: U B 

G hx Mi : Ai 
G \~x M2 ; A2 
G hx (Mi, M2); Ai *A 2 
G hx M: A]c 


T—> Intro 


TUIntro 


-T*lntro 


G hx inj^M : A 1 +A 2 


T+lntrc>k 


G hx Mi : A —^ B 
Gh x M 2 :A 
G h T (Mi M 2 ) : B 

G h T M, : U B 
G hx force Mi : B 

G hx M : Ai *A 2 
G hx projk M : Ak 

G hx M. : Ai +A 2 
G,xi :Ai hx Mi : A 
G,X2:A2 hj M 2 : A 


T— >Elii 


TUElin 


T*Elimk 


G b T M : [qa. A/a] A 
G b 1 roll M : pot. A 


G bx case(M, x, .M, , X 2 -M. 2 ) : A 


T+Elin 


■T Lilntro 


G bx M : pa. A 


G bx unroll M : [pa. A/a]A 


-TqElim 


M Hr M' 
C[ M] 1 —> C[M'] 


StepContext 


M 1 r M/ Target redex M reduces (by-value) to M' 


(Ax. M) 0 W 1 — >r [W/x]M (JReduce 

force (thunk M) i—> R M forceReduce 

(fix u. M) 1 — >r [(fix u. M)/u] M fixReduce 

(A . M) [ ] 1 —!r M tyappReduce 

projk ((W,, W 2 )) 1 —l R W k projReduce 

case(inj k W, X] .Mi , X 2 .M 2 ) i —>r [W/xiJMk caseReduce 
unroll (roll W) >—> R W unrollReduce 

Figure 11. Target language operational semantics 


| S | = A Economical type S elaborates to target type A 


111 = 1 

IS, ^S 2 | = |S,|->|S 2 | 
IS, +s 2 | = is, I + |S 2 | 

\ot\ = ot 

|Vct. S| = Mot. |S| 


|V^S| = |S| 

|N^S| = U |S| 

Ifla.SI = I[V/a]S| * |[N/a]S| 
|p.a. S| = pot. |S| 


in = g 


Economical typing context F 
elaborates to target typing context G 


Figure 10. Target language type system 

Valuability restriction. Though we omit mutable references from the target language, we want the type system to accommodate them. Using the standard syntactic value restriction (Wright 1995) would spoil this language as a target for our elaboration: when source typing uses elab∀Intro, it requires that the source expression be a value (not syntactically, but according to the source typing derivation). Yet if that source value is typed using elabΠElim, it will elaborate to a projection, which is not a syntactic value. So we use a valuability restriction in T∀Intro. A target term is a valuable V if it is a value (e.g. λx. M) or is a projection, injection, roll or unroll of something that is valuable (Figure 9). Later, we'll prove that if a source expression is a value (according to the source typing derivation), its elaboration is valuable (Lemma 6).

Thunks. We give thunk M the type U B for "thUnk B" (if M has type B); force M eliminates this connective.

4.2 Operational Semantics

The target operational semantics has two relations: M ↦R M', read "M reduces to M'", and M ↦ M', read "M steps to M'". The latter has only one rule, StepContext, which says that C[M] ↦ C[M'] if M ↦R M', where C is an evaluation context (Figure 9). The rules for ↦R (Figure 11) reduce a λ applied to a value; a force of a thunk; a fixed point; a type application; a projection of a pair of values; a case over an injected value; and an unroll of a rolled value. Apart from force (thunk M), which we can view as strange syntax for (λx. M) (), this is all standard: these definitions use values W, not valuables V.

4.3 Type Safety

Lemma 2 (Valuability). If V ↦ M' or V ↦R M' then M' is valuable, that is, there exists V' = M'.

Lemma 3 (Substitution). If G, x:A', G' ⊢T M : A and G ⊢T W : A' then G, G' ⊢T [W/x]M : A.

  |·| = ·                            |Γ, x:S| = |Γ|, x:|S|
  |Γ, α type| = |Γ|, α type          |Γ, u:S| = |Γ|, u:|S|
  |Γ, a evalorder|  undefined

Figure 12. Translation from economical types to target types

Theorem 4 (Type safety). If · ⊢T M : A then either M is a value, or M ↦ M' and · ⊢T M' : A.

Proof. By induction on the derivation of · ⊢T M : A, using Lemma 3 and standard inversion lemmas, which we omit. □

5. Elaboration

Now we extend the economical typing judgment with an output M, a target term: Γ ⊢ e φ : S ↪ M. The target term M should be well-typed using the typing rules in Figure 10, but what type should it have? We answer this question by defining another translation on types. This function, written |S| = A, translates an economical source type S to a target type A.

We will show that if Γ ⊢ e φ : S ↪ M then M : A, where A = |S|; this is Theorem 10. Our translation follows a similar approach to Dunfield (2014). However, that system had general intersection types A1 ∧ A2, where A1 and A2 don't necessarily have the same structure. In contrast, we have Πa. A, which corresponds to ([V/a]A) ∧ ([N/a]A). We also differ in having recursive types; since these are explicitly rolled (or folded) and unrolled in our target language, our rules elabμIntro and elabμElim add these constructs.

Not bidirectional. We want to relate the operational behaviour of a source expression to the operational behaviour of its elaboration. Since our source operational semantics is over type-erased source expressions, it will be convenient for elaboration to work on erased source expressions. Without type annotations, we can collapse the bidirectional judgments into a single judgment (with : in place of ⇐/⇒); this obviates the need for elaboration versions of Esub and Eanno, which merely switch between ⇐ and ⇒.
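As an added illustration (not code from the paper), the following Python implements the type translation |S| = A of Figure 12, together with the evaluation-order substitution [ε/a]S that its Π case needs. Types are tuples (`('susp', eps, S)` is ε▸S, `('U', A)` is U A); the product case, which the extracted Figure 12 does not show, is assumed here to map to the target product like the other by-value connectives. The sample types are constructed for the example.

```python
# Added example (not from the paper): |S| = A from Figure 12 and [ε/a]S.
# An economical type is a tuple: ('unit',), ('tvar', α), ('susp', eps, S),
# ('arrow', S1, S2), ('prod', S1, S2), ('sum', S1, S2), ('pi', a, S),
# ('forall', α, S), ('mu', α, S).  eps is 'V', 'N' or a Π-bound variable name.

UNIT = ('unit',)

def subst_eo(s, a, eps):
    """[ε/a]S: replace the evaluation-order variable a by ε, respecting shadowing."""
    tag = s[0]
    if tag in ('unit', 'tvar'):
        return s
    if tag == 'susp':
        return ('susp', eps if s[1] == a else s[1], subst_eo(s[2], a, eps))
    if tag == 'pi' and s[1] == a:            # an inner Πa shadows the one we substitute for
        return s
    return (tag,) + tuple(subst_eo(c, a, eps) if isinstance(c, tuple) else c
                          for c in s[1:])

def to_target(s):
    """|S| = A.  Raises on a free evaluation-order variable, mirroring the
    undefined |Γ, a evalorder| case of Figure 12."""
    tag = s[0]
    if tag in ('unit', 'tvar'):
        return s
    if tag == 'susp':
        eps, inner = s[1], s[2]
        if eps == 'V':                       # |V▸S| = |S|: the suspension is a no-op
            return to_target(inner)
        if eps == 'N':                       # |N▸S| = U |S|: an explicit thunk type
            return ('U', to_target(inner))
        raise ValueError(f'free evaluation-order variable {eps}')
    if tag == 'pi':                          # |Πa. S| = |[V/a]S| * |[N/a]S|
        _, a, body = s
        return ('prod', to_target(subst_eo(body, a, 'V')),
                        to_target(subst_eo(body, a, 'N')))
    if tag in ('arrow', 'prod', 'sum'):      # by-value connectives map to themselves
        return (tag, to_target(s[1]), to_target(s[2]))
    if tag in ('forall', 'mu'):              # |∀α. S| = ∀α. |S| and |μα. S| = μα. |S|
        return (tag, s[1], to_target(s[2]))
    raise ValueError(f'unknown economical type: {s}')

def elaborates(s):
    """True iff |S| is defined, i.e. S has no free evaluation-order variable."""
    try:
        to_target(s)
        return True
    except ValueError:
        return False

def count_thunk_types(a):
    """Number of U connectives in a target type: zero exactly when no N▸ survived."""
    if a[0] == 'U':
        return 1 + count_thunk_types(a[1])
    return sum(count_thunk_types(c) for c in a[1:] if isinstance(c, tuple))

# Constructed sample types.
ID_PI = ('pi', 'a', ('arrow', ('susp', 'a', UNIT), UNIT))     # ⌊Πa. 1 →^a 1⌋
ECON_LIST = ('mu', 'β', ('susp', 'a',                          # List a α from Section 3.2
             ('sum', UNIT, ('prod', ('tvar', 'α'), ('tvar', 'β')))))

if __name__ == '__main__':
    print(to_target(ID_PI))                      # a pair: the V instance and the N instance
    print(to_target(subst_eo(ECON_LIST, 'a', 'N')))
    print(elaborates(ECON_LIST))                 # False: a is still free
```

The Π case is the point of the example: Πa. (a▸1) → 1 becomes the target product of a plain function and a function over a thunk, which is exactly the pair that elabΠIntro builds and elabΠElim projects from.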
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rh e^S^M 


(x:S) G r 


Erased source expression e elaborates at type S to target term M 

(u : S) G F _ r,u:S h CipiSnM 


F E x va i: S 


V 


— e/abvar —--- e/abfixvar 

x r E u r: S u 

T, a type E e va i: S > M 
The v ,i: Va. S A . M 


le/afoVI ntrol 


F E (fix u. e) y: S c —t (fix u. M) 
r E e cp: Va.S ■-> M 


elabfix 


r h 0 va i: 1 0 

r I- S' type 


e/abllntro 


a 


r E e vai: [V/a]S ■ 
T E e va i: [N/a]S 


Mi 

M 2 


The vai: (fla. S) 


£► 


The „: V*-S ^ M 
The vai: N^-S » (thunk M) 

r,x:Si E e <p: S2 h M 


T E (Ax. e) vai: (Si - 
F E ei (p,: Si 


(M,, M 2 ) 

- elab >- Intro 

e/ab—> Intro 


elabU Intro 


r h e cp: [S'/a]S ^ M[_] 

The,: (fla.S) M 

T h e ;p: [V/a]S <—> (proji M) 
F E e <p: [N/a]S (proj 2 M) 


e/ahVElim 


le/abllEliml 


The cp: V^S ■-> M 


■ M 

r E ei <p, : (Si 


e/afa^Elimv 


r h e cp: N^S ^ M 


n-e T :S-t (force M) 
S 2 ) > Mi T h e 2 cp 2 : Si M 2 


|e/ah>^ El i m |\| | 


S 2 ) > Ax. M 

-> Mi T E e 2 cp 2 : S 2 


M 2 


F E (ei , e 2 ) <Pl ucp 2 : (Si * S 2 ) 


e/ab* Intro 


T h e <p: S]< 


M 


F E (ei @ e 2 ) r: S 2 c —1 (Mi M 2 ) 

F h e cp: (Si * S 2 ) ‘—> M 
(Mi, M 2 ) F E (projk e) T : S k (proj k M) 

The cp 0 : (Si + S 2 ) “—» Mo 


elab — tElin 


e/ab*Elimk 


r,Xi : Si E ei cp,: s ■—> M, 
r, x 2 : S 2 E e 2 cp 2 : S M 2 


T E (injk e) cp: (Si +S 2 ) ‘—i (inj k M) 

F E e cp: [(pa. S)/a]S » M 


M- 


r E e cp: pa. S c —» (roll M) 


elab+ Introk 

e/abplntro 


F E case(e, xi .ei , x 2 .e 2 ) -p: S 
t case(Mo, xi .Mi , x 2 .M 2 ) 


elab+ Elim 


F E e cp: pa. S 1 


M 


T E e t: [(pa. S)/a]S "—» (unroll M) 


e/abpElim 


Figure 13. Elaboration 


Elaboration rules. We are elaborating the economical type system, which has by-value connectives, into the target type system, which also has by-value connectives. Most of the elaboration rules just map source constructs into the corresponding target constructs; for example, elabvar elaborates x to x, and elab→Intro elaborates λx. e to λx. M where e elaborates to M.

Elaborating ∀. Rule elab∀Intro elaborates e (which is type-erased and thus has no explicit source construct) to the target type abstraction Λ_. M; rule elab∀Elim elaborates to a target type application M[_].

Elaborating Π. Rule elabΠIntro elaborates an e at type Πa. S to a pair with the elaborations of e at type [V/a]S and at [N/a]S. Note that unlike the corresponding rule EΠIntro in the non-elaborating economical type system, which introduces a variable a into Γ and types e parametrically, elabΠIntro substitutes concrete evaluation orders V and N for a. Consequently, the Γ in the elaboration judgment never contains a evalorder declarations.

Rule elabΠElim elaborates to the appropriate projection.

Elaborating ▸. Rule elab▸Intro has two conclusions. The first conclusion elaborates at type V▸S as if elaborating at type S. The second conclusion elaborates at N▸S to a thunk. Correspondingly, rule elab▸ElimV ignores the V suspension, and rule elab▸ElimN forces the thunk introduced via elab▸Intro.

5.1 Elaboration Type Soundness

The main result of this section (Theorem 10) is that, given a non-elaborating economical typing derivation Γ ⊢E e φ ⇐ S (or ⇒), we can derive Γ ⊢ er(e) φ' : S ↪ M such that the target term M is well-typed. The erasure function er(e), defined in Figure 6, removes type annotations, type abstractions, and type applications.

It will be useful to relate various notions of valueness. First, if e elaborates to a syntactic target value W, then the elaboration rules deem e to be a (source) value.

Lemma 5. If Γ ⊢ e φ : S ↪ W then φ = val.

Second, if e is a value according to the source typing rules, its elaboration M is valuable (but not necessarily a syntactic target value).

Lemma 6 (Elaboration valuability).

If Γ ⊢ e val : S ↪ M then M is valuable, that is, there exists V such that M = V.

Several substitution lemmas are required. The first is for the non-elaborating economical type system; we'll use it in the EΠIntro case of the main proof to remove a evalorder declarations.

Lemma 7 (Substitution: evaluation orders).

(1) If Γ, a evalorder, Γ' ⊢ S type and Γ ⊢ ε evalorder then Γ, [ε/a]Γ' ⊢ [ε/a]S type.

(2) If D derives Γ, a evalorder, Γ' ⊢E e φ ⇐ S and Γ ⊢ ε evalorder then D' derives Γ, [ε/a]Γ' ⊢E e φ ⇐ [ε/a]S where D' is not larger than D.

(3) If D derives Γ, a evalorder, Γ' ⊢E e φ ⇒ S and Γ ⊢ ε evalorder then D' derives Γ, [ε/a]Γ' ⊢E e φ ⇒ [ε/a]S where D' is not larger than D.

Next, we show that an expression e1 can be substituted for a variable x, provided e1 elaborates to a target value W.

Lemma 8 (Expression substitution).

(1) If Γ ⊢ e1 φ1 : S1 ↪ W and Γ, x:S1, Γ' ⊢ e2 φ2 : S ↪ M then Γ, Γ' ⊢ [e1/x]e2 φ2 : S ↪ [W/x]M.

(2) If Γ ⊢ fix u. e1 ⊤ : S1 ↪ fix u. M1 and Γ, u:S1, Γ' ⊢ e2 φ2 : S ↪ M then Γ, Γ' ⊢ [(fix u. e1)/u]e2 φ2 : S ↪ [(fix u. M1)/u]M.

Lemma 9 (Type translation well-formedness).

If Γ ⊢ S type then |Γ| ⊢ |S| type.

We can now state the main result of this section:

Theorem 10 (Elaboration type soundness).

If Γ ⊢E e φ ⇐ S or Γ ⊢E e φ ⇒ S, where Γ ⊢ S type and Γ contains no a evalorder declarations, then there exists M such that Γ ⊢ er(e) φ' : S ↪ M where φ' ⊑ φ and |Γ| ⊢T M : |S|.

The proof is in Dunfield (2015, Appendix B.5). In this theorem, the resulting elaboration judgment has a valueness φ' that can be more precise than the valueness φ in the non-elaborating judgment. Suppose that, inside a derivation of a evalorder ⊢E e val ⇐ S, we have

  a evalorder ⊢E e' val ⇐ a▸S'
  --------------------------------- E▸Elimε
  a evalorder ⊢E e' ⊤ ⇐ S'

The valueness in the conclusion must be ⊤, because we might substitute N for a, which is elaborated to a force, which is not a value. Now suppose we substitute V for a. We need to construct an elaboration derivation, and the only rule that works is elab▸ElimV:

  · ⊢ e' val : V▸S' ↪ M
  ------------------------ elab▸ElimV
  · ⊢ e' val : S' ↪ M

This says e' is a value (val), where the original (parametric) economical typing judgment had ⊤: substituting a concrete object (here, V) for a variable a increases information, refining ⊤ ("I cannot prove this is a value") into val. In the introduction rules, substituting N for a can replace ⊤ with val, because we know we're elaborating to a thunk, which is a value.


6. Consistency

Our main result in this section, Theorem 15, says that if e elaborates to a target term M, and M steps (zero or more times) to a target value W, then e steps (zero or more times) to some e' that elaborates to W. The source language stepping relation (Figure 5) allows both by-value and (more permissive) by-name reductions, raising the concern that a call-by-value program might elaborate to a call-by-name target program, that is, one taking steps that correspond to by-name reductions in the source program. So we strengthen the statement, showing that if M is completely free of by-name constructs, then all the steps taken in the source program are by-value.

That still leaves the possibility that we messed up our elaboration rules, such that a call-by-value source program elaborates to an M that contains by-name constructs. So we prove (Theorem 18) that if the source program is completely free of by-name constructs, its elaboration M is also free of by-name constructs. Similarly, we prove (Theorem 17) that creating an economical typing derivation from an impartial typing derivation preserves N-freeness.

Proofs can be found in Dunfield (2015, Appendix B.6).

6.1 Source-Side Consistency?

A source expression typed by name won't get stuck if a by-value reduction is chosen, but it may diverge instead of terminating.

Suppose we have typed (λx. x) against τ →^N τ. Taking only a by-name reduction, we have

(λx. ()) (fix u. u) ⇝ [(fix u. u)/x]() = ()   using βNreduce

However, if we "contradict" the typing derivation by taking by-value reductions, we diverge:

(λx. ()) (fix u. u) ⇝ (λx. ()) ([(fix u. u)/u]u)   using fixVreduce
                    = (λx. ()) (fix u. u) ⇝ ...

We're used to type safety being "up to" nontermination in the sense that we either get a value or diverge, without getting stuck, but this is worse: divergence depends on which reductions are chosen.

To get a source type safety result that is both direct (without appealing to elaboration and target reductions) and useful, we'd need to give a semantics of "reduction with respect to a typing derivation", or else reduction of a typing derivation. Such a semantics would support reasoning about local transformations of source programs. It should also lead to a converse of the consistency result in this section: if a source expression reduces with respect to a typing derivation, and that typing derivation corresponds to an elaboration derivation, then the target program obtained by elaboration can be correspondingly reduced.

6.2 Defining N-Freeness

Definition 1 (N-freeness: impartial).

(1) An impartial type τ is N-free iff (i) for each ε appearing in τ, the evaluation order ε is V; and (ii) τ has no quantifiers.

(2) A judgment γ ⊢I e φ ⇐ τ or γ ⊢I e φ ⇒ τ is N-free iff: (a) γ has no a evalorder declarations; (b) in each declaration x φ⇒ τ in γ, the valueness φ is val and the type τ is N-free; (c) all types appearing in e are N-free; and (d) τ is N-free.

Definition 2 (N-freeness: economical).

(1) An economical type S is N-free iff (i) for each ε▸S0 appearing in S, the evaluation order ε is V; and (ii) S has no quantifiers.

(2) A judgment Γ ⊢E e φ ⇐ S or Γ ⊢E e φ ⇒ S is N-free iff: (a) Γ has no a evalorder declarations; (b) all types S' in Γ are N-free; (c) all types appearing in e are N-free; and (d) S is N-free.

Definition 3 (N-freeness: target). A target term M is N-free iff it contains no thunk and force constructs.
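As an added illustration (this is not code from the paper), the following Python interpreter implements the source stepping relation of Section 2.4 and Figure 5: `by_name=False` uses only the by-value contexts C_V and reductions ⇝_RV (rule SrcStepCtxV), while `by_name=True` uses the by-name contexts C_N and reductions ⇝_RN (rule SrcStepCtxN). It replays the proj2 example of Section 2.4 and the divergence example of Section 6.1. Terms are tuples, and binder names in the constructed sample terms are assumed distinct, so substitution only has to respect shadowing.

```python
# Added example (not from the paper): a small-step interpreter for the erased
# source language, following the evaluation contexts and reduction rules of
# Figure 5.  Terms: ('unit',), ('var', x), ('lam', x, e), ('app', e1, e2),
# ('fix', u, e), ('pair', e1, e2), ('proj', k, e), ('inj', k, e),
# ('case', e, x1, e1, x2, e2).  Sample terms below use distinct binder names.

UNIT = ('unit',)

def is_value(e):
    """Source values v ::= () | x | λx. e | (v1, v2) | inj_k v."""
    tag = e[0]
    if tag in ('unit', 'var', 'lam'):
        return True
    if tag == 'pair':
        return is_value(e[1]) and is_value(e[2])
    if tag == 'inj':
        return is_value(e[2])
    return False

def subst(e, x, s):
    """[s/x]e, stopping at binders that shadow x."""
    tag = e[0]
    if tag == 'unit':
        return e
    if tag == 'var':
        return s if e[1] == x else e
    if tag in ('lam', 'fix'):
        return e if e[1] == x else (tag, e[1], subst(e[2], x, s))
    if tag == 'case':
        scrut, x1, e1, x2, e2 = e[1:]
        e1 = e1 if x1 == x else subst(e1, x, s)
        e2 = e2 if x2 == x else subst(e2, x, s)
        return ('case', subst(scrut, x, s), x1, e1, x2, e2)
    return (tag,) + tuple(subst(c, x, s) if isinstance(c, tuple) else c for c in e[1:])

def reduce_redex(e, by_name):
    """One ⇝_RV rule (by_name=False) or ⇝_RN rule (by_name=True) applied at the
    root of e; None if e is not such a redex.  The by-value rules demand values
    where the by-name rules accept arbitrary expressions."""
    tag = e[0]
    ok = lambda sub: by_name or is_value(sub)
    if tag == 'app' and e[1][0] == 'lam' and ok(e[2]):      # βVreduce / βNreduce
        return subst(e[1][2], e[1][1], e[2])
    if tag == 'fix':                                          # fixVreduce / fixNreduce
        return subst(e[2], e[1], e)
    if tag == 'proj' and e[2][0] == 'pair' and ok(e[2]):     # projVreduce needs a pair of values
        return e[2][e[1]]
    if tag == 'case' and e[1][0] == 'inj' and ok(e[1][2]):   # caseVreduce / caseNreduce
        k, v = e[1][1], e[1][2]
        x, body = (e[2], e[3]) if k == 1 else (e[4], e[5])
        return subst(body, x, v)
    return None

def step(e, by_name):
    """SrcStepCtxV (by_name=False) or SrcStepCtxN (by_name=True): reduce the
    leftmost subterm in evaluation position.  Returns e', or None if no step applies."""
    r = reduce_redex(e, by_name)
    if r is not None:
        return r
    tag = e[0]

    def descend(i, allowed=True):
        if not allowed:
            return None
        r = step(e[i], by_name)
        return None if r is None else e[:i] + (r,) + e[i + 1:]

    if tag in ('app', 'pair'):
        # C @ e2 and (C, e2) are both C_V and C_N; e1 @ C and (e1, C) are C_N but
        # are C_V only once e1 is a value (v1 @ C_V and (v1, C_V)).
        return descend(1) or descend(2, by_name or is_value(e[1]))
    if tag in ('proj', 'inj'):
        return descend(2)
    if tag == 'case':
        return descend(1)
    return None

def run(e, by_name, limit=50):
    """Iterate ⇝ until no step applies.  Returns (term, steps taken, hit the bound?)."""
    for n in range(limit):
        nxt = step(e, by_name)
        if nxt is None:
            return e, n, False
        e = nxt
    return e, limit, True

# Constructed sample terms.
OMEGA = ('fix', 'u', ('var', 'u'))                   # fix u. u: loops under either order
CONST_UNIT = ('app', ('lam', 'x', UNIT), OMEGA)      # (λx. ()) (fix u. u), Section 6.1
PROJ2 = ('proj', 2, ('pair', OMEGA, UNIT))           # proj2 (fix u. u, ()), Section 2.4
IDENT_APP = ('app', ('lam', 'x', ('var', 'x')), UNIT)

if __name__ == '__main__':
    print(run(CONST_UNIT, by_name=True))   # reaches () in one βNreduce step
    print(run(CONST_UNIT, by_name=False))  # fixVreduce under λx.() @ [ ] forever
    print(run(PROJ2, by_name=True))        # projNreduce picks () immediately
```

The by-value run of CONST_UNIT never reaches a value: the only by-value context that applies is v1 @ C_V, and inside it fixVreduce rewrites fix u. u to itself, which is exactly the divergence described above.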


6.3 Lemmas for Consistency

An inversion lemma allows types of the form V▸ ... V▸S, a generalization needed for the elab▸ElimV case; when we use the lemma in the consistency proof, the type is not headed by V▸:

Lemma 11 (Inversion). Given · ⊢ e φ : V▸ ... V▸ S ↪ M (zero or more V▸):

(0) If M = (λx. M0) and S = (S1 → S2) then e = (λx. e0) and ·, x:S1 ⊢ e0 φ0 : S2 ↪ M0.

(1) If M = (W1, W2) and S = (Πa. S0) then · ⊢ e φ : [V/a]S0 ↪ W1 and · ⊢ e φ : [N/a]S0 ↪ W2.

(2) If M = thunk M0 and S = N▸S0 then · ⊢ e φ' : S0 ↪ M0.

Parts (3) to (6), for ∀, +, μ and *, are stated in the appendix.

Previously, we showed that if a source expression elaborates to a target value, source typing says the expression is a value (φ = val); here, we show that if a source expression elaborates to a target value that is N-free (ruling out thunk M produced by the second conclusion of elab▸Intro), then e is a syntactic value.

Lemma 12 (Syntactic values).

If Γ ⊢ e val : S ↪ W and W is N-free then e is a syntactic value.

The next lemma just says that the ↦ relation doesn't produce thunks and forces out of thin air.

Lemma 13 (Stepping preserves N-freeness). If M is N-free and M ↦ M' then M' is N-free.

The proof is by cases on the derivation of M ↦ M', using the fact that if M0 and M1 are N-free, then [M0/x]M1 is N-free.

6.4 Consistency Results 

Theorem 14 (Consistency). 
If $\cdot \vdash e\ \varphi : S \hookrightarrow M$ and $M \mapsto M'$ then there exists $e'$ such that 
$e \leadsto^{*} e'$ and $\cdot \vdash e'\ \varphi' : S \hookrightarrow M'$ and $\varphi' \sqsubseteq \varphi$. 

Moreover: (1) If $\varphi = \mathit{val}$ then $e' = e$. (2) If $M$ is N-free then 
$e \leadsto^{*} e'$ can be derived without using SrcStepCtxN. 

Result (1), under “moreover”, amounts to saying that values 
don’t step. Result (2) stops us from lazily sneaking in uses of 
SrcStepCtxN instead of showing that, given N-free $M$, we can 
always find a by-value evaluation context for use in SrcStepCtxV. 

Theorem 15 (Multi-step consistency). 
If $\cdot \vdash e\ \varphi : S \hookrightarrow M$ and $M \mapsto^{*} W$ then there exists $e'$ such that 
$e \leadsto^{*} e'$ and $\cdot \vdash e'\ \mathit{val} : S \hookrightarrow W$. Moreover, if $M$ is N-free then 
we can derive $e \leadsto^{*} e'$ without using SrcStepCtxN. 

6.5 Preservation of N-Freeness 

Lemma 16. If $\Gamma \vdash e : S$ and $S$ is not N-free then it is not the 
case that both $\Gamma$ and $e$ are N-free. 

Theorem 17 (Economizing preserves N-freeness). 
If $\gamma \vdash_{\mathrm{I}} e\ \varphi \Leftarrow \tau$ (resp. $\Rightarrow$) where the judgment is N-free (Definition 2(2)) 
then $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \varphi \Leftarrow \lfloor \tau \rfloor$ (resp. $\Rightarrow$) where this judgment is N-free (Definition 2(2)). 

Theorem 18 (Elaboration preserves N-freeness). 
If $\Gamma \vdash_{\mathrm{E}} e\ \varphi \Leftarrow S$ (or $\Rightarrow$) where the judgment is N-free (Definition 2(2)) 
then $\Gamma \vdash \mathit{er}(e)\ \varphi' : S \hookrightarrow M$ such that $M$ is N-free. 

7. Related Work 

History of evaluation order. In the λ-calculus, normal-order 
(leftmost-outermost) reduction seems to have preceded anything 
resembling call-by-value, but Bernays (1936) suggested requiring 
that the term being substituted in a reduction be in normal form. 
In programming languages, Algol-60 originated call-by-name and 
also provided call-by-value (Naur et al. 1960, §4.7.3); while the de­cision 
to make the former the default is debatable, direct support for 
two evaluation orders made Algol-60 an improvement on many of 
its successors. Plotkin (1975) related cbv and cbn to the λ-calculus, 
and developed translations between them. 

Call-by-need or lazy evaluation was developed in the 1970s 
with the goal of doing as little computational work as possible, 
under which we can include the unbounded work of not terminating 
(Wadsworth 1971; Henderson and Morris 1976; Friedman and Wise 1976). 

Laziness in call-by-value languages. Type-based support for selective 
lazy evaluation has been developed for cbv languages, including 
Standard ML (Wadler et al. 1998) and Java (Warth 2007). 
These approaches allow programmers to conveniently switch to another 
evaluation order, but don’t allow polymorphism over evaluation 
orders. Like our economical type system, these approaches are 
biased towards one evaluation order. 

General coercions. General approaches to typed coercions were 
explored by Breazu-Tannen et al. (1991) and Barthe (1996). Swamy 
et al. (2009) developed a general typed coercion system for a 
simply-typed calculus, giving thunks as an example. In addition 
to annotations on all λ arguments, their system requires thunks (but 
not forces) to be written explicitly. 

Intersection types. While this paper avoids the notation of intersection 
types, the quantifier $\Pi$ is essentially an intersection type 
of a very specific form. Theories of intersection types were originally 
developed by Coppo et al. (1981), among others; Hindley 
(1992) gives a useful introduction and survey. Intersections entered 
programming languages—as opposed to λ-calculus—when 
Reynolds (1996) put them at the heart of the Forsythe language. 
Subsequently—Reynolds’s paper describes ideas he developed in 
the 1980s—Freeman and Pfenning (1991) started a line of research 
on refinement intersections, where both parts of an intersection 
must refine the same base type (essentially, the same ML type). 

The intersection in this paper mixes features of general intersection 
and refinement intersection: the V and N instantiations 
have close-to-identical structure, but cbv and cbn functions aren’t 
refinements of some “order-agnostic” base type. Our approach is 
descended mainly from the system of Dunfield (2014), which elaborates 
(general) intersection and union types into ordinary product 
and sum types. We differ in not having a source-level ‘merge’ construct 
$e_1 \,,\!, e_2$, where the type system can select either $e_1$ or $e_2$, ignoring 
the other component. Since $e_1$ and $e_2$ are not prevented from 
having the same type, the type system may elaborate either expression, 
resulting in unpredictable behaviour. In our type systems, we 
can think of @ in the source language as a merge $(@^{V} \,,\!, @^{N})$, but 
the components have incompatible types. Moreover, the components 
must behave the same apart from evaluation order (evoking a 
standard property of systems of refinement intersection). 

Alternative target languages. The impartial type system for our 
source language suggests that we should consider targeting an impartial, 
but more explicit, target language. In an untyped setting, 
Asperti (1990) developed a calculus with call-by-value and call-by-name 
λ-abstractions; function application is disambiguated at run 
time. In a typed setting, call-by-push-value (Levy) systematically 
distinguishes values and computations; it has a thunk type U 
(whence our notation) but also a dual, “lift” F, which constructs a 
computation out of a value type. Early in the development of this 
paper, we tried to elaborate directly from the impartial type system 
to cbpv, without success. Levy’s elegant pair of translations from 
cbv and from cbn don’t seem to fit together easily; our feeling is 
that a combined translation would be either complicated, or prone 
to generating many redundant forces and thunks. 

Zeilberger (2009) defined a polarized type system with positive 
and negative forms of each standard connective. In that system, $\uparrow$ 
and $\downarrow$ connectives alternate between polarities, akin to U and F in 
call-by-push-value. Zeilberger’s system has a symmetric function 
type, rather than the asymmetric function type found in cbpv. We 
guess that a translation into this system would have similar issues 
as with call-by-push-value. 

8. Future Work 

This paper develops type systems with multiple evaluation orders 
and polymorphism over evaluation orders, opening up the design 
space. More work is needed to realize these ideas in practice. 

Implicit polymorphism. We made type polymorphism explicit, to 
prevent the type system from guessing evaluation orders. A practical 
system should find polymorphic instances without guessing, 
perhaps based on existential type variables (Dunfield and Krishnaswami 
2013). We could also try to use some form of (lexically 
scoped?) default evaluation order. Such a default could also be 
useful for deciding whether some language features, such as let-expressions, 
should be by-value or by-name. 

Exponential expansion. Our rules elaborate a function typed 
with $n$ $\Pi$ quantifiers into $2^n$ instantiations. Only experience can 
demonstrate whether this is a problem in practice, but we have 
reasons to be optimistic. 

First, we need the right point of comparison. The alternative 
to elaborating map into, say, 8 instantiations is to write 8 copies 
of map by hand. Viewed this way, elaboration maintains the size 
of the target program, while allowing an exponentially shorter 
source program! (This is the flipside of a sleight-of-hand from 
complexity theory, where you can make an algorithm look faster 
by inflating the input: Given an algorithm that takes $2^n$ time, where 
$n$ is the number of bits in the input integer, we can get a purportedly 
polynomial algorithm by encoding the input in unary.) 

Second, a compiler could analyze the source program and generate 
only the instances actually used, similar to monomorphization 
of $\forall$-polymorphism in MLton (mlton.org). 
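The following Python model is an added illustration, not code from the paper: it elaborates a function body written once against $n$ evaluation-order parameters into the $2^n$ instances described above, inserting a `force` for each N-instantiated argument and nothing at all for a V-instantiated one, and it lets the caller see how often each argument expression is actually evaluated under each instantiation. The `Thunk` class, the accessor convention and the sample body are constructions of this example; the paper's own elaboration works on terms and types, not on Python closures.

```python
# Added illustration, not code from the paper: elaborating a function that is
# polymorphic in n evaluation orders into its 2^n by-value / by-name instances.
from itertools import product
from typing import Callable, Dict, Tuple

EvalOrder = str                       # "V" (by value) or "N" (by name)
Instantiation = Tuple[EvalOrder, ...]


class Thunk:
    """Target-language suspension, standing in for the paper's `thunk M`.
    Forcing re-runs the computation every time (call-by-name, not call-by-need)."""

    def __init__(self, compute: Callable[[], object]) -> None:
        self.compute = compute

    def force(self) -> object:
        return self.compute()


def elaborate(body: Callable[..., object], n: int) -> Dict[Instantiation, Callable[..., object]]:
    """Produce one target instance per instantiation of the n quantified evaluation
    orders: 2^n instances, the n-way tuple that the paper's elaboration builds.

    `body` is written once, against *accessors*: calling accessor i yields the value
    of argument i.  In an N position the accessor forces a Thunk (elaboration inserts
    `force`); in a V position it is a no-op returning the already-evaluated argument.
    """
    table: Dict[Instantiation, Callable[..., object]] = {}
    for inst in product("VN", repeat=n):
        def instance(*args: object, inst: Instantiation = inst) -> object:
            accessors = []
            for order, arg in zip(inst, args):
                if order == "N":
                    accessors.append(arg.force)          # arg is a Thunk here
                else:
                    accessors.append(lambda v=arg: v)    # V: identity, no suspension
            return body(*accessors)
        table[inst] = instance
    return table


def call(table: Dict[Instantiation, Callable[..., object]], inst: Instantiation,
         *arg_exprs: Callable[[], object]) -> object:
    """Caller side: each source argument is an unevaluated expression (a zero-argument
    callable).  For an N position the elaboration wraps it in a thunk; for a V position
    it is evaluated before the call, exactly once."""
    target_args = [Thunk(expr) if order == "N" else expr()
                   for order, expr in zip(inst, arg_exprs)]
    return table[inst](*target_args)


def demo(inst: Instantiation) -> Tuple[object, int, int]:
    """Run a constructed two-argument body under one instantiation and report how
    many times each argument expression was evaluated."""
    counts = {"a": 0, "b": 0}

    def a_expr():
        counts["a"] += 1
        return 3

    def b_expr():
        counts["b"] += 1
        return 4

    def body(a, b):               # source body: uses a twice, never uses b
        return a() + a()

    result = call(elaborate(body, 2), inst, a_expr, b_expr)
    return result, counts["a"], counts["b"]


if __name__ == "__main__":
    for inst in product("VN", repeat=2):
        print(inst, demo(inst))   # e.g. ('V', 'N') -> (6, 1, 0)
```

The all-V instance never constructs a `Thunk`, which is the run-time counterpart of the paper's faithfulness result: a program whose types are all by-value performs no by-name reductions. The N instances show the cost call-by-name pays for laziness, namely re-evaluation of an argument used twice, which is why the future-work discussion points at call-by-need as the more practical competitor.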
Other evaluation orders. Our particular choice of evaluation orders 
is not especially practical: the major competitor to call-by-value 
is call-by-need, not call-by-name. We chose call-by-name for 
simplicity (for example, in the source reduction rules), but many of 
our techniques should be directly applicable to call-by-need: elaboration 
would produce thunks in much the same way, just for a 
different dynamic semantics. Moreover, our approach could be extended 
to more than two evaluation orders, using an $n$-way intersection 
that elaborates to an $n$-tuple. 

One could also take “order” very literally, and support left-to-right 
and right-to-left call-by-value. For low-level reasons, OCaml 
uses the former when compiling to native code, and the latter when 
compiling to bytecode. Being able to specify order of evaluation via 
type annotations could be useful when porting code from Standard 
ML (which uses left-to-right call-by-value). 

Program design. We also haven’t addressed questions about 
when to use what evaluation order. Such questions seem to have 
been lightly studied, perhaps because of social factors: a programmer 
may choose a strict language because they tend to solve problems 
that don’t need laziness—which is self-reinforcing, because 
laziness is less convenient in a strict language. However, Chang 
(2014) developed tools, based on both static analysis and dynamic 
profiling, that suggest where laziness is likely to be helpful. 

Existential quantification. By analogy to union types (Dunfield 
2014), an existential quantifier would elaborate to a sum type. For 
example, the sum tag on a function of type $\exists a.\, \tau \to^{a} \tau$ would 
indicate, at run time, whether the function was by-value or by-name. 
This might resemble a typed version of the calculus of 
Asperti (1990). 
Erratum 1: Call-by-name evaluation contexts 

Corrected in arXiv version 3. 

What is the mistake? 

The definition of by-name evaluation contexts in Figure 5 is wrong; it manages to define a peculiarly eager evaluation context that can 
evaluate a function’s argument before the function has been evaluated, and evaluate inside a pair. In addition to not being call-by-name, this 
is awfully nondeterministic. 

By-name eval. contexts $\mathcal{C}_N ::= [\,] \mid \mathcal{C}_N \mathbin{@} e_2 \mid \boxed{e_1 \mathbin{@} \mathcal{C}_N} \mid \boxed{(\mathcal{C}_N, e_2)} \mid \boxed{(e_1, \mathcal{C}_N)} \mid \mathsf{proj}_k\, \mathcal{C}_N \mid \mathsf{inj}_k\, \mathcal{C}_N \mid \mathsf{case}(\mathcal{C}_N, x_1.e_1, x_2.e_2)$ 

The fix is to omit the three boxed alternatives in the grammar. 

By-name eval. contexts $\mathcal{C}_N ::= [\,] \mid \mathcal{C}_N \mathbin{@} e_2 \mid \mathsf{proj}_k\, \mathcal{C}_N \mid \mathsf{inj}_k\, \mathcal{C}_N \mid \mathsf{case}(\mathcal{C}_N, x_1.e_1, x_2.e_2)$ 

The discussion in Section 2.4, marked with a red box, notes that “$e_1 \mathbin{@} [\,]$ is a $\mathcal{C}_N$ but not a $\mathcal{C}_V$”, which matches the (wrong) definition; 
however, since the definition is wrong, the claim that “the definitions of $\mathcal{C}_N$ and $\leadsto_N$ are standard for call-by-name” is utterly wrong. 

What are its consequences? 

Few (apart from embarrassment). The consistency result is only a simulation, not a bisimulation. None of the metatheory goes from a source 
reduction to a target reduction; that is, no claims have the form “given some $e \leadsto e'$, where $e$ is related to $M$, produce some $M'$ such that 
$M \mapsto M'$”. 

In fact, one could add any kind of garbage to the definition of $\mathcal{C}_N$, and the metatheory wouldn't change. 
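To make the "peculiarly eager" and "nondeterministic" complaint concrete, here is an added Python illustration (not code from the paper): it enumerates every position at which a by-name context $\mathcal{C}_N$ may place its hole in a given term, once under the published grammar and once under the corrected one, and then filters those positions to the ones where a step could actually fire. The term syntax, the notion of root-level redex (beta, projection of a pair, case on an injection) and the two sample terms are constructions of this example, chosen to mirror the erratum's description rather than taken from Figure 5.

```python
# Added illustration, not code from the paper: enumerate where a by-name evaluation
# context C_N may place its hole under the published grammar versus the corrected
# grammar of Erratum 1.  Term syntax and sample terms are constructed here.
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union


@dataclass(frozen=True)
class Var:
    name: str

@dataclass(frozen=True)
class Unit:
    pass

@dataclass(frozen=True)
class Lam:
    var: str
    body: "Term"

@dataclass(frozen=True)
class App:            # e1 @ e2
    fn: "Term"
    arg: "Term"

@dataclass(frozen=True)
class Pair:           # (e1, e2)
    left: "Term"
    right: "Term"

@dataclass(frozen=True)
class Proj:           # proj_k e
    k: int
    term: "Term"

@dataclass(frozen=True)
class Inj:            # inj_k e
    k: int
    term: "Term"

@dataclass(frozen=True)
class Case:           # case(e, x1.e1, x2.e2)
    scrut: "Term"
    x1: str
    e1: "Term"
    x2: str
    e2: "Term"

Term = Union[Var, Unit, Lam, App, Pair, Proj, Inj, Case]
Path = Tuple[str, ...]      # hole position as a path of field names; () is the hole itself
Grammar = Dict[type, List[str]]

# Which sub-positions a C_N may descend into.  The corrected grammar keeps only the
# function position of @ and the scrutinee of proj_k, inj_k and case; the published
# grammar also had the three boxed alternatives.
CORRECTED: Grammar = {App: ["fn"], Proj: ["term"], Inj: ["term"], Case: ["scrut"]}
PUBLISHED: Grammar = {App: ["fn", "arg"],               # boxed: e1 @ C_N
                      Pair: ["left", "right"],          # boxed: (C_N, e2) and (e1, C_N)
                      Proj: ["term"], Inj: ["term"], Case: ["scrut"]}


def hole_positions(t: Term, grammar: Grammar) -> List[Path]:
    """All paths p such that t = C_N[t'] for some context C_N of the grammar."""
    out: List[Path] = [()]
    for field in grammar.get(type(t), []):
        out += [(field,) + p for p in hole_positions(getattr(t, field), grammar)]
    return out


def is_redex(t: Term) -> bool:
    """Root-level redex: beta, projection of a pair, or case on an injection."""
    return ((isinstance(t, App) and isinstance(t.fn, Lam))
            or (isinstance(t, Proj) and isinstance(t.term, Pair))
            or (isinstance(t, Case) and isinstance(t.scrut, Inj)))


def subterm(t: Term, p: Path) -> Term:
    for field in p:
        t = getattr(t, field)
    return t


def reducible_positions(t: Term, grammar: Grammar) -> List[Path]:
    """Hole positions at which a step could fire.  More than one position means the
    grammar leaves the choice of the next step nondeterministic."""
    return [p for p in hole_positions(t, grammar) if is_redex(subterm(t, p))]


IDENT = Lam("y", Var("y"))
APP_SAMPLE = App(IDENT, App(IDENT, Unit()))                    # id @ (id @ ())
PAIR_SAMPLE = Pair(App(IDENT, Unit()), App(IDENT, Unit()))    # (id @ (), id @ ())
```

For `id @ (id @ ())` the corrected grammar admits exactly one step, the outer beta-redex, whereas the published grammar also lets the argument be reduced first; for a pair of redexes the corrected grammar admits no step at all (a pair is a value under call-by-name), while the published grammar offers a choice between the two components.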

Erratum 2: Uppercase, lowercase 

Corrected in arXiv version 3. 

In the published version, the “judgment boxes” heading the rules had $\Gamma$ instead of $\gamma$. Similarly, Theorem 17 had $\lfloor\Gamma\rfloor$ instead of $\lfloor\gamma\rfloor$. 

As these are minor mistakes, they are not highlighted in the text. 
Supplemental material for “Elaborating Evaluation-Order Polymorphism” 

This section of the extended version (Dunfield 2015) contains the (straightforward) rules for type well-formedness (Appendix A), 
proofs about economical typing that belong to Section 3 (Appendix B.3), proofs about elaboration typing that belong to Section 5 
(Appendix B.5), and consistency proofs that belong to Section 6 (Appendix B.6). 

A. Type Well-formedness 

Judgment $\gamma \vdash \varepsilon\ \mathit{evalorder}$: evaluation order $\varepsilon$ is well-formed. 

$\gamma \vdash V\ \mathit{evalorder}$ \qquad $\gamma \vdash N\ \mathit{evalorder}$ \qquad $\dfrac{(a\ \mathit{evalorder}) \in \gamma}{\gamma \vdash a\ \mathit{evalorder}}$ 

Judgment $\gamma \vdash \tau\ \mathit{type}$: impartial type $\tau$ is well-formed. 

$\gamma \vdash 1\ \mathit{type}$ \qquad $\dfrac{(\alpha\ \mathit{type}) \in \gamma}{\gamma \vdash \alpha\ \mathit{type}}$ 

$\dfrac{\gamma \vdash \tau_1\ \mathit{type} \qquad \gamma \vdash \varepsilon\ \mathit{evalorder} \qquad \gamma \vdash \tau_2\ \mathit{type}}{\gamma \vdash (\tau_1 \to^{\varepsilon} \tau_2)\ \mathit{type} \qquad \gamma \vdash (\tau_1 *^{\varepsilon} \tau_2)\ \mathit{type} \qquad \gamma \vdash (\tau_1 +^{\varepsilon} \tau_2)\ \mathit{type}}$ 

$\dfrac{\gamma, \alpha\ \mathit{type} \vdash \tau\ \mathit{type}}{\gamma \vdash (\forall\alpha.\,\tau)\ \mathit{type}}$ \qquad $\dfrac{\gamma, a\ \mathit{evalorder} \vdash \tau\ \mathit{type}}{\gamma \vdash (\Pi a.\,\tau)\ \mathit{type}}$ \qquad $\dfrac{\gamma \vdash \varepsilon\ \mathit{evalorder} \qquad \gamma, \alpha\ \mathit{type} \vdash \tau\ \mathit{type}}{\gamma \vdash (\mu^{\varepsilon}\alpha.\,\tau)\ \mathit{type}}$ 

Figure 14. Type well-formedness in the impartial type system 


Judgment $\Gamma \vdash \varepsilon\ \mathit{evalorder}$: evaluation order $\varepsilon$ is well-formed. 

$\Gamma \vdash V\ \mathit{evalorder}$ \qquad $\Gamma \vdash N\ \mathit{evalorder}$ \qquad $\dfrac{(a\ \mathit{evalorder}) \in \Gamma}{\Gamma \vdash a\ \mathit{evalorder}}$ 

Judgment $\Gamma \vdash S\ \mathit{type}$: economical type $S$ is well-formed. 

$\Gamma \vdash 1\ \mathit{type}$ \qquad $\dfrac{(\alpha\ \mathit{type}) \in \Gamma}{\Gamma \vdash \alpha\ \mathit{type}}$ \qquad $\dfrac{\Gamma \vdash \varepsilon\ \mathit{evalorder} \qquad \Gamma \vdash S\ \mathit{type}}{\Gamma \vdash (\varepsilon \triangleright S)\ \mathit{type}}$ 

$\dfrac{\Gamma \vdash S_1\ \mathit{type} \qquad \Gamma \vdash S_2\ \mathit{type}}{\Gamma \vdash (S_1 \to S_2)\ \mathit{type} \qquad \Gamma \vdash (S_1 * S_2)\ \mathit{type} \qquad \Gamma \vdash (S_1 + S_2)\ \mathit{type}}$ 

$\dfrac{\Gamma, \alpha\ \mathit{type} \vdash S\ \mathit{type}}{\Gamma \vdash (\forall\alpha.\,S)\ \mathit{type}}$ \qquad $\dfrac{\Gamma, a\ \mathit{evalorder} \vdash S\ \mathit{type}}{\Gamma \vdash (\Pi a.\,S)\ \mathit{type}}$ \qquad $\dfrac{\Gamma, \alpha\ \mathit{type} \vdash S\ \mathit{type}}{\Gamma \vdash (\mu\alpha.\,S)\ \mathit{type}}$ 

Figure 15. Type well-formedness in the economical type system 


Judgment $G \vdash A\ \mathit{type}$: target type $A$ is well-formed. 

$G \vdash 1\ \mathit{type}$ \qquad $\dfrac{G \vdash A\ \mathit{type}}{G \vdash (\mathrm{U}\,A)\ \mathit{type}}$ \qquad $\dfrac{(\alpha\ \mathit{type}) \in G}{G \vdash \alpha\ \mathit{type}}$ 

$\dfrac{G \vdash A_1\ \mathit{type} \qquad G \vdash A_2\ \mathit{type}}{G \vdash (A_1 \to A_2)\ \mathit{type} \qquad G \vdash (A_1 * A_2)\ \mathit{type} \qquad G \vdash (A_1 + A_2)\ \mathit{type}}$ 

$\dfrac{G, \alpha\ \mathit{type} \vdash A\ \mathit{type}}{G \vdash (\forall\alpha.\,A)\ \mathit{type}}$ \qquad $\dfrac{G, \alpha\ \mathit{type} \vdash A\ \mathit{type}}{G \vdash (\mu\alpha.\,A)\ \mathit{type}}$ 

Figure 16. Type well-formedness in the target type system 


B. Proofs 

Notation 

We present some proofs in a line-by-line style, with the justification for each claim in the rightmost column. We highlight with ☞ 
what we needed to show; this is most useful when trying to prove statements with several conclusions, like “if … then Q1 and Q2 and 
Q3”, where we might derive Q2 early (say, directly from the induction hypothesis) but need several more steps to show Q1 and Q3. 
B.3 Economical Type System 

Lemma 19 (Suspension Points). 

(1) If $\Gamma, x\ \mathit{val}\!\Rightarrow V\triangleright S', \Gamma' \vdash_{\mathrm{E}} e\ \varphi \Leftarrow S$ 
then $\Gamma, x\ \mathit{val}\!\Rightarrow S', \Gamma' \vdash_{\mathrm{E}} e\ \varphi \Leftarrow S$. 

(2) If $\Gamma, x\ \mathit{val}\!\Rightarrow V\triangleright S', \Gamma' \vdash_{\mathrm{E}} e\ \varphi \Rightarrow S$ 
then $\Gamma, x\ \mathit{val}\!\Rightarrow S', \Gamma' \vdash_{\mathrm{E}} e\ \varphi \Rightarrow S$. 

Proof. By mutual induction on the given derivation. The Evar case uses E▸Intro (first conclusion). □ 

Lemma 20 (Economizing (Types)). 
If $\gamma \vdash \tau\ \mathit{type}$ then $\lfloor\gamma\rfloor \vdash \lfloor\tau\rfloor\ \mathit{type}$. 

Proof. By induction on the derivation of $\gamma \vdash \tau\ \mathit{type}$ (Fig. 14). □ 

Lemma 21 (Economizing (Eval. Order)). 
If $\gamma \vdash \varepsilon\ \mathit{evalorder}$ then $\lfloor\gamma\rfloor \vdash \varepsilon\ \mathit{evalorder}$. 

Proof. By a straightforward induction on $\gamma$. □ 

Theorem 1 (Economizing). 

(1) If $\gamma \vdash_{\mathrm{I}} e\ \varphi \Rightarrow \tau$ then $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \varphi \Rightarrow \lfloor \tau \rfloor$. 

(2) If $\gamma \vdash_{\mathrm{I}} e\ \varphi \Leftarrow \tau$ then $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \varphi \Leftarrow \lfloor \tau \rfloor$. 

Proof. By induction on the given derivation. 

• Case I→Intro: $\dfrac{\gamma, x\ \mathit{valueness}(\varepsilon)\!\Rightarrow \tau_1 \vdash_{\mathrm{I}} e_0\ \varphi \Leftarrow \tau_2}{\gamma \vdash_{\mathrm{I}} (\lambda x.\,e_0)\ \mathit{val} \Leftarrow (\tau_1 \to^{\varepsilon} \tau_2)}$ 

  $\gamma, x\ \mathit{valueness}(\varepsilon)\!\Rightarrow \tau_1 \vdash_{\mathrm{I}} e_0\ \varphi \Leftarrow \tau_2$ (Subderivation) 
  $\lfloor \gamma, x\ \mathit{valueness}(\varepsilon)\!\Rightarrow \tau_1 \rfloor \vdash_{\mathrm{E}} \lfloor e_0 \rfloor\ \varphi \Leftarrow \lfloor \tau_2 \rfloor$ (By i.h.) 
  $\lfloor\gamma\rfloor, x : (\varepsilon \triangleright \lfloor \tau_1 \rfloor) \vdash_{\mathrm{E}} \lfloor e_0 \rfloor\ \varphi \Leftarrow \lfloor \tau_2 \rfloor$ (By def. of $\lfloor - \rfloor$) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} (\lambda x.\,\lfloor e_0 \rfloor)\ \mathit{val} \Leftarrow (\varepsilon \triangleright \lfloor \tau_1 \rfloor) \to \lfloor \tau_2 \rfloor$ (By E→Intro) 
  ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor \lambda x.\,e_0 \rfloor\ \mathit{val} \Leftarrow \lfloor \tau_1 \to^{\varepsilon} \tau_2 \rfloor$ (By def. of $\lfloor - \rfloor$) 

• Case I→Elim: $\dfrac{\gamma \vdash_{\mathrm{I}} e_1\ \varphi_1 \Rightarrow (\tau_1 \to^{\varepsilon} \tau) \qquad \gamma \vdash_{\mathrm{I}} e_2\ \varphi_2 \Leftarrow \tau_1}{\gamma \vdash_{\mathrm{I}} (e_1 \mathbin{@} e_2)\ \top \Rightarrow \tau}$ 

  $\gamma \vdash_{\mathrm{I}} e_1\ \varphi_1 \Rightarrow (\tau_1 \to^{\varepsilon} \tau)$ (Subderivation) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_1 \rfloor\ \varphi_1 \Rightarrow \lfloor \tau_1 \to^{\varepsilon} \tau \rfloor$ (By i.h.) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_1 \rfloor\ \varphi_1 \Rightarrow (\varepsilon \triangleright \lfloor \tau_1 \rfloor) \to \lfloor \tau \rfloor$ (By def. of $\lfloor - \rfloor$) 
  $\gamma \vdash_{\mathrm{I}} e_2\ \varphi_2 \Leftarrow \tau_1$ (Subderivation) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_2 \rfloor\ \varphi_2 \Leftarrow \lfloor \tau_1 \rfloor$ (By i.h.) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_2 \rfloor\ \varphi_2 \Leftarrow \varepsilon \triangleright \lfloor \tau_1 \rfloor$ (By E▸Intro) 
  ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_1 \mathbin{@} e_2 \rfloor\ \top \Rightarrow \lfloor \tau \rfloor$ (By E→Elim and def. of $\lfloor - \rfloor$) 

• Case I1Intro: $\gamma \vdash_{\mathrm{I}} ()\ \mathit{val} \Leftarrow 1$ 

  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} ()\ \mathit{val} \Leftarrow 1$ (By E1Intro) 
  ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor () \rfloor\ \mathit{val} \Leftarrow \lfloor 1 \rfloor$ (By def. of $\lfloor - \rfloor$) 

• Case I∀Intro: $\dfrac{\gamma, \alpha\ \mathit{type} \vdash_{\mathrm{I}} e_0\ \mathit{val} \Leftarrow \tau_0}{\gamma \vdash_{\mathrm{I}} \Lambda\alpha.\,e_0\ \mathit{val} \Leftarrow \forall\alpha.\,\tau_0}$ 

  $\gamma, \alpha\ \mathit{type} \vdash_{\mathrm{I}} e_0\ \mathit{val} \Leftarrow \tau_0$ (Subderivation) 
  $\lfloor \gamma, \alpha\ \mathit{type} \rfloor \vdash_{\mathrm{E}} \lfloor e_0 \rfloor\ \mathit{val} \Leftarrow \lfloor \tau_0 \rfloor$ (By i.h.) 
  $\lfloor\gamma\rfloor, \alpha\ \mathit{type} \vdash_{\mathrm{E}} \lfloor e_0 \rfloor\ \mathit{val} \Leftarrow \lfloor \tau_0 \rfloor$ (By def. of $\lfloor - \rfloor$) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \Lambda\alpha.\,\lfloor e_0 \rfloor\ \mathit{val} \Leftarrow \forall\alpha.\,\lfloor \tau_0 \rfloor$ (By E∀Intro) 
  ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor \Lambda\alpha.\,e_0 \rfloor\ \mathit{val} \Leftarrow \lfloor \forall\alpha.\,\tau_0 \rfloor$ (By def. of $\lfloor - \rfloor$) 

• Case I∀Elim: $\dfrac{\gamma \vdash_{\mathrm{I}} e_0\ \varphi \Rightarrow \forall\alpha.\,\tau_0 \qquad \gamma \vdash \tau'\ \mathit{type}}{\gamma \vdash_{\mathrm{I}} e_0[\tau']\ \varphi \Rightarrow [\tau'/\alpha]\tau_0}$ 

  $\gamma \vdash_{\mathrm{I}} e_0\ \varphi \Rightarrow \forall\alpha.\,\tau_0$ (Subderivation) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_0 \rfloor\ \varphi \Rightarrow \lfloor \forall\alpha.\,\tau_0 \rfloor$ (By i.h.) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_0 \rfloor\ \varphi \Rightarrow \forall\alpha.\,\lfloor \tau_0 \rfloor$ (By def. of $\lfloor - \rfloor$) 
  $\gamma \vdash \tau'\ \mathit{type}$ (Subderivation) 
  $\lfloor\gamma\rfloor \vdash \lfloor \tau' \rfloor\ \mathit{type}$ (By Lemma 20) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_0 \rfloor[\lfloor \tau' \rfloor]\ \varphi \Rightarrow [\lfloor \tau' \rfloor/\alpha]\lfloor \tau_0 \rfloor$ (By E∀Elim) 
  ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_0[\tau'] \rfloor\ \varphi \Rightarrow \lfloor [\tau'/\alpha]\tau_0 \rfloor$ (By properties of $\lfloor - \rfloor$ and substitution) 

• Case I∏Intro: $\dfrac{\gamma, a\ \mathit{evalorder} \vdash_{\mathrm{I}} e\ \mathit{val} \Leftarrow \tau_0}{\gamma \vdash_{\mathrm{I}} e\ \mathit{val} \Leftarrow \Pi a.\,\tau_0}$ 

  $\gamma, a\ \mathit{evalorder} \vdash_{\mathrm{I}} e\ \mathit{val} \Leftarrow \tau_0$ (Subderivation) 
  $\lfloor \gamma, a\ \mathit{evalorder} \rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \mathit{val} \Leftarrow \lfloor \tau_0 \rfloor$ (By i.h.) 
  $\lfloor\gamma\rfloor, a\ \mathit{evalorder} \vdash_{\mathrm{E}} \lfloor e \rfloor\ \mathit{val} \Leftarrow \lfloor \tau_0 \rfloor$ (By def. of $\lfloor - \rfloor$) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \mathit{val} \Leftarrow \Pi a.\,\lfloor \tau_0 \rfloor$ (By E∏Intro) 
  ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \mathit{val} \Leftarrow \lfloor \Pi a.\,\tau_0 \rfloor$ (By def. of $\lfloor - \rfloor$) 

• Case I∏Elim: $\dfrac{\gamma \vdash_{\mathrm{I}} e\ \varphi \Rightarrow \Pi a.\,\tau_0 \qquad \gamma \vdash \varepsilon\ \mathit{evalorder}}{\gamma \vdash_{\mathrm{I}} e\ \varphi \Rightarrow [\varepsilon/a]\tau_0}$ 

  $\gamma \vdash_{\mathrm{I}} e\ \varphi \Rightarrow \Pi a.\,\tau_0$ (Subderivation) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \varphi \Rightarrow \lfloor \Pi a.\,\tau_0 \rfloor$ (By i.h.) 
  $\gamma \vdash \varepsilon\ \mathit{evalorder}$ (Subderivation) 
  $\lfloor\gamma\rfloor \vdash \varepsilon\ \mathit{evalorder}$ (By Lemma 21) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \varphi \Rightarrow [\varepsilon/a]\lfloor \tau_0 \rfloor$ (By E∏Elim) 
  ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \varphi \Rightarrow \lfloor [\varepsilon/a]\tau_0 \rfloor$ (By properties of $\lfloor - \rfloor$ and substitution) 

• Case Ivar: $\dfrac{(x\ \varphi\!\Rightarrow \tau) \in \gamma}{\gamma \vdash_{\mathrm{I}} x\ \varphi \Rightarrow \tau}$ 

  $(x\ \varphi\!\Rightarrow \tau) \in \gamma$ (Premise) 
  We distinguish cases of $\varphi$: 
  ■ If $\varphi = \mathit{val}$, then: 
    $(x : V\triangleright \lfloor \tau \rfloor) \in \lfloor\gamma\rfloor$ (By def. of $\lfloor - \rfloor$) 
    $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} x\ \mathit{val} \Rightarrow V\triangleright \lfloor \tau \rfloor$ (By Evar) 
    ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} x\ \mathit{val} \Rightarrow \lfloor \tau \rfloor$ (By E▸Elim_V) 
  ■ If $\varphi = \top$, then: 
    $(x : N\triangleright \lfloor \tau \rfloor) \in \lfloor\gamma\rfloor$ (By def. of $\lfloor - \rfloor$) 
    $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} x\ \mathit{val} \Rightarrow N\triangleright \lfloor \tau \rfloor$ (By Evar) 
    ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} x\ \top \Rightarrow \lfloor \tau \rfloor$ (By E▸Elim_ε) 

• Case Ifixvar: $\dfrac{(u\ \top\!\Rightarrow \tau) \in \gamma}{\gamma \vdash_{\mathrm{I}} u\ \top \Rightarrow \tau}$ 

  $(u : \lfloor \tau \rfloor) \in \lfloor\gamma\rfloor$ (By def. of $\lfloor - \rfloor$) 
  ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} u\ \top \Rightarrow \lfloor \tau \rfloor$ (By Efixvar) 

• Case Ifix: $\dfrac{\gamma, u\ \top\!\Rightarrow \tau \vdash_{\mathrm{I}} e_0\ \varphi' \Leftarrow \tau}{\gamma \vdash_{\mathrm{I}} (\mathsf{fix}\,u.\,e_0)\ \top \Leftarrow \tau}$ 

  $\lfloor \gamma, u\ \top\!\Rightarrow \tau \rfloor \vdash_{\mathrm{E}} \lfloor e_0 \rfloor\ \varphi' \Leftarrow \lfloor \tau \rfloor$ (By i.h.) 
  $\lfloor\gamma\rfloor, u : \lfloor \tau \rfloor \vdash_{\mathrm{E}} \lfloor e_0 \rfloor\ \varphi' \Leftarrow \lfloor \tau \rfloor$ (By def. of $\lfloor - \rfloor$) 
  ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} (\mathsf{fix}\,u.\,\lfloor e_0 \rfloor)\ \top \Leftarrow \lfloor \tau \rfloor$ (By Efix) 

• Case Isub: $\dfrac{\gamma \vdash_{\mathrm{I}} e\ \varphi \Rightarrow \tau}{\gamma \vdash_{\mathrm{I}} e\ \varphi \Leftarrow \tau}$ 

  By i.h. and Esub. 

• Case Ianno: $\dfrac{\gamma \vdash_{\mathrm{I}} e_0\ \varphi \Leftarrow \tau}{\gamma \vdash_{\mathrm{I}} (e_0 : \tau)\ \varphi \Rightarrow \tau}$ 

  By i.h. and Eanno. 

• Case I*Intro: $\dfrac{\gamma \vdash_{\mathrm{I}} e_1\ \varphi_1 \Leftarrow \tau_1 \qquad \gamma \vdash_{\mathrm{I}} e_2\ \varphi_2 \Leftarrow \tau_2}{\gamma \vdash_{\mathrm{I}} (e_1, e_2)\ \varphi_1 \sqcup \varphi_2 \Leftarrow (\tau_1 *^{\varepsilon} \tau_2)}$ 

  $\gamma \vdash_{\mathrm{I}} e_1\ \varphi_1 \Leftarrow \tau_1$ (Subderivation) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_1 \rfloor\ \varphi_1 \Leftarrow \lfloor \tau_1 \rfloor$ (By i.h.) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_1 \rfloor\ \varphi_1 \Leftarrow \varepsilon \triangleright \lfloor \tau_1 \rfloor$ (By E▸Intro) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_2 \rfloor\ \varphi_2 \Leftarrow \varepsilon \triangleright \lfloor \tau_2 \rfloor$ (Similar) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} (\lfloor e_1 \rfloor, \lfloor e_2 \rfloor)\ \varphi_1 \sqcup \varphi_2 \Leftarrow (\varepsilon \triangleright \lfloor \tau_1 \rfloor) * (\varepsilon \triangleright \lfloor \tau_2 \rfloor)$ (By E*Intro) 
  ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor (e_1, e_2) \rfloor\ \varphi_1 \sqcup \varphi_2 \Leftarrow \lfloor \tau_1 *^{\varepsilon} \tau_2 \rfloor$ (By def. of $\lfloor - \rfloor$) 

• Case I*Elim_k: $\dfrac{\gamma \vdash_{\mathrm{I}} e_0\ \varphi \Rightarrow (\tau_1 *^{\varepsilon} \tau_2)}{\gamma \vdash_{\mathrm{I}} (\mathsf{proj}_k\, e_0)\ \top \Rightarrow \tau_k}$ 

  $\gamma \vdash_{\mathrm{I}} e_0\ \varphi \Rightarrow (\tau_1 *^{\varepsilon} \tau_2)$ (Subderivation) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_0 \rfloor\ \varphi \Rightarrow \lfloor \tau_1 *^{\varepsilon} \tau_2 \rfloor$ (By i.h.) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_0 \rfloor\ \varphi \Rightarrow (\varepsilon \triangleright \lfloor \tau_1 \rfloor) * (\varepsilon \triangleright \lfloor \tau_2 \rfloor)$ (By def. of $\lfloor - \rfloor$) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} (\mathsf{proj}_k\, \lfloor e_0 \rfloor)\ \top \Rightarrow (\varepsilon \triangleright \lfloor \tau_k \rfloor)$ (By E*Elim_k) 
  ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor \mathsf{proj}_k\, e_0 \rfloor\ \top \Rightarrow \lfloor \tau_k \rfloor$ (By E▸Elim_ε and def. of $\lfloor - \rfloor$) 

• Case I+Intro_k: $\dfrac{\gamma \vdash_{\mathrm{I}} e_0\ \varphi \Leftarrow \tau_k}{\gamma \vdash_{\mathrm{I}} (\mathsf{inj}_k\, e_0)\ \varphi \Leftarrow (\tau_1 +^{\varepsilon} \tau_2)}$ 

  $\gamma \vdash_{\mathrm{I}} e_0\ \varphi \Leftarrow \tau_k$ (Subderivation) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_0 \rfloor\ \varphi \Leftarrow \lfloor \tau_k \rfloor$ (By i.h.) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} (\mathsf{inj}_k\, \lfloor e_0 \rfloor)\ \varphi \Leftarrow \lfloor \tau_1 \rfloor + \lfloor \tau_2 \rfloor$ (By E+Intro_k) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} (\mathsf{inj}_k\, \lfloor e_0 \rfloor)\ \varphi \Leftarrow \varepsilon \triangleright (\lfloor \tau_1 \rfloor + \lfloor \tau_2 \rfloor)$ (By E▸Intro (first conclusion)) 
  ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor \mathsf{inj}_k\, e_0 \rfloor\ \varphi \Leftarrow \lfloor \tau_1 +^{\varepsilon} \tau_2 \rfloor$ (By def. of $\lfloor - \rfloor$) 

• Case I+Elim: $\dfrac{\gamma \vdash_{\mathrm{I}} e_0\ \varphi_0 \Rightarrow (\tau_1 +^{\varepsilon} \tau_2) \qquad \gamma, x_1\ \mathit{val}\!\Rightarrow \tau_1 \vdash_{\mathrm{I}} e_1\ \varphi_1 \Leftarrow \tau \qquad \gamma, x_2\ \mathit{val}\!\Rightarrow \tau_2 \vdash_{\mathrm{I}} e_2\ \varphi_2 \Leftarrow \tau}{\gamma \vdash_{\mathrm{I}} \mathsf{case}(e_0, x_1.e_1, x_2.e_2)\ \top \Leftarrow \tau}$ 

  $\gamma \vdash_{\mathrm{I}} e_0\ \varphi_0 \Rightarrow (\tau_1 +^{\varepsilon} \tau_2)$ (Subderivation) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_0 \rfloor\ \varphi_0 \Rightarrow \lfloor \tau_1 +^{\varepsilon} \tau_2 \rfloor$ (By i.h.) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_0 \rfloor\ \varphi_0 \Rightarrow \varepsilon \triangleright (\lfloor \tau_1 \rfloor + \lfloor \tau_2 \rfloor)$ (By def. of $\lfloor - \rfloor$) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e_0 \rfloor\ \top \Rightarrow (\lfloor \tau_1 \rfloor + \lfloor \tau_2 \rfloor)$ (By E▸Elim_ε) 
  $\gamma, x_1\ \mathit{val}\!\Rightarrow \tau_1 \vdash_{\mathrm{I}} e_1\ \varphi_1 \Leftarrow \tau$ (Subderivation) 
  $\lfloor\gamma\rfloor, x_1 : V\triangleright \lfloor \tau_1 \rfloor \vdash_{\mathrm{E}} \lfloor e_1 \rfloor\ \varphi_1 \Leftarrow \lfloor \tau \rfloor$ (By i.h. and def. of $\lfloor - \rfloor$) 
  $\lfloor\gamma\rfloor, x_1 : \lfloor \tau_1 \rfloor \vdash_{\mathrm{E}} \lfloor e_1 \rfloor\ \varphi_1 \Leftarrow \lfloor \tau \rfloor$ (By Lemma 19) 
  $\lfloor\gamma\rfloor, x_2 : \lfloor \tau_2 \rfloor \vdash_{\mathrm{E}} \lfloor e_2 \rfloor\ \varphi_2 \Leftarrow \lfloor \tau \rfloor$ (Similarly) 
  ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor \mathsf{case}(e_0, x_1.e_1, x_2.e_2) \rfloor\ \top \Leftarrow \lfloor \tau \rfloor$ (By E+Elim) 

• Case IμIntro: $\dfrac{\gamma \vdash_{\mathrm{I}} e\ \varphi \Leftarrow [(\mu^{\varepsilon}\alpha.\,\tau_0)/\alpha]\tau_0}{\gamma \vdash_{\mathrm{I}} e\ \varphi \Leftarrow \mu^{\varepsilon}\alpha.\,\tau_0}$ 

  $\gamma \vdash_{\mathrm{I}} e\ \varphi \Leftarrow [(\mu^{\varepsilon}\alpha.\,\tau_0)/\alpha]\tau_0$ (Subderivation) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \varphi \Leftarrow \lfloor [(\mu^{\varepsilon}\alpha.\,\tau_0)/\alpha]\tau_0 \rfloor$ (By i.h.) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \varphi \Leftarrow [\lfloor \mu^{\varepsilon}\alpha.\,\tau_0 \rfloor/\alpha]\lfloor \tau_0 \rfloor$ (By a property of substitution/$\lfloor - \rfloor$) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \varphi \Leftarrow [(\mu\alpha.\,\varepsilon \triangleright \lfloor \tau_0 \rfloor)/\alpha]\lfloor \tau_0 \rfloor$ (By def. of $\lfloor - \rfloor$) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \varphi \Leftarrow \mu\alpha.\,\varepsilon \triangleright \lfloor \tau_0 \rfloor$ (By EμInt­ro) 
  ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \varphi \Leftarrow \lfloor \mu^{\varepsilon}\alpha.\,\tau_0 \rfloor$ (By def. of $\lfloor - \rfloor$) 

• Case IμElim: $\dfrac{\gamma \vdash_{\mathrm{I}} e\ \varphi_0 \Rightarrow \mu^{\varepsilon}\alpha.\,\tau_0}{\gamma \vdash_{\mathrm{I}} e\ \top \Rightarrow [(\mu^{\varepsilon}\alpha.\,\tau_0)/\alpha]\tau_0}$ 

  $\gamma \vdash_{\mathrm{I}} e\ \varphi_0 \Rightarrow \mu^{\varepsilon}\alpha.\,\tau_0$ (Subderivation) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \varphi_0 \Rightarrow \lfloor \mu^{\varepsilon}\alpha.\,\tau_0 \rfloor$ (By i.h.) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \varphi_0 \Rightarrow \mu\alpha.\,\varepsilon \triangleright \lfloor \tau_0 \rfloor$ (By def. of $\lfloor - \rfloor$) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \top \Rightarrow [(\mu\alpha.\,\varepsilon \triangleright \lfloor \tau_0 \rfloor)/\alpha]\,\varepsilon \triangleright \lfloor \tau_0 \rfloor$ (By EμElim) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \top \Rightarrow [\lfloor \mu^{\varepsilon}\alpha.\,\tau_0 \rfloor/\alpha]\,\varepsilon \triangleright \lfloor \tau_0 \rfloor$ (By def. of $\lfloor - \rfloor$) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \top \Rightarrow \varepsilon \triangleright [\lfloor \mu^{\varepsilon}\alpha.\,\tau_0 \rfloor/\alpha]\lfloor \tau_0 \rfloor$ (By a property of substitution) 
  $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \top \Rightarrow [\lfloor \mu^{\varepsilon}\alpha.\,\tau_0 \rfloor/\alpha]\lfloor \tau_0 \rfloor$ (By E▸Elim_ε) 
  ☞ $\lfloor\gamma\rfloor \vdash_{\mathrm{E}} \lfloor e \rfloor\ \top \Rightarrow \lfloor [(\mu^{\varepsilon}\alpha.\,\tau_0)/\alpha]\tau_0 \rfloor$ (By a property of substitution/$\lfloor - \rfloor$) 

□ 


B.5 Elaboration 

Lemma 5. If $\Gamma \vdash e\ \varphi : S \hookrightarrow W$ then $\varphi = \mathit{val}$. 

Proof. By induction on the given derivation. 

For any rule whose conclusion has $\mathit{val}$, we already have our result. This takes care of elab1Intro, elab∀Intro, elab∏Intro, the 
second conclusion of elab▸Intro, elabvar, and elab→Intro. Rules whose conclusions have target terms that can never be a value 
are impossible, which takes care of elab∀Elim, elab∏Elim, elab▸Elim_N, elabfixvar, elabfix, elab→Elim, elab*Elim_k, elab+Elim and 
elabμElim. We are left with: 

• Case elab▸Intro (first conclusion): The result follows by i.h. and elab▸Intro. 

• Case elab*Intro: We have $W = (W_1, W_2)$. By i.h. twice, $\varphi_1 = \mathit{val}$ and $\varphi_2 = \mathit{val}$. Applying elab*Intro gives the result (using 
$\mathit{val} \sqcup \mathit{val} = \mathit{val}$). 

• Cases elab▸Elim_V, elab+Intro_k, elabμIntro: The result follows by i.h. and applying the same rule. □ 

Lemma 6 (Elaboration valuability). 
If $\Gamma \vdash e\ \mathit{val} : S \hookrightarrow M$ then $M$ is valuable, that is, there exists $V$ such that $M \mapsto^{*} V$. 

Proof. By induction on the given derivation. 

• Cases elabvar, elab1Intro, elab→Intro: Immediate. 

• Cases elab▸Intro (N conclusion), elab▸Elim_N, elabfix, elabfixvar, elab→Elim, elab*Elim_k, elab+Elim, elabμElim: 
Impossible: these rules cannot elaborate values. 

• Case elab∏Intro: By i.h., $M_1$ and $M_2$ are valuable; therefore $(M_1, M_2)$ is valuable. 

• Case elab∏Elim: By i.h., $M_0$ is valuable; therefore $\mathsf{proj}_1\, M_0$ and $\mathsf{proj}_2\, M_0$ are valuable. 

• Case elab*Intro: Similar to the elab∏Intro case. 

• Cases elab∀Intro, elab∀Elim: By i.h., $M_0$ is valuable; therefore $\Lambda\_.\,M_0$ and $M_0[\_]$ are valuable. 

• Cases elab▸Intro (V conclusion), elab▸Elim_V: By i.h. 

• Case elab+Intro_k: By i.h., $M_0$ is valuable; therefore $\mathsf{inj}_k\, M_0$ is valuable. 

• Case elabμIntro: By i.h., $M_0$ is valuable; therefore $\mathsf{roll}\, M_0$ is valuable. □ 

Lemma 7 (Substitution—Evaluation orders). 

(1) If $\Gamma, a\ \mathit{evalorder}, \Gamma' \vdash S\ \mathit{type}$ and $\Gamma \vdash \varepsilon\ \mathit{evalorder}$ 
then $\Gamma, [\varepsilon/a]\Gamma' \vdash [\varepsilon/a]S\ \mathit{type}$. 

(2) If $\mathcal{D}$ derives $\Gamma, a\ \mathit{evalorder}, \Gamma' \vdash_{\mathrm{E}} e\ \varphi \Leftarrow S$ and $\Gamma \vdash \varepsilon\ \mathit{evalorder}$ 
then $\mathcal{D}'$ derives $\Gamma, [\varepsilon/a]\Gamma' \vdash_{\mathrm{E}} e\ \varphi \Leftarrow [\varepsilon/a]S$ where $\mathcal{D}'$ is not larger than $\mathcal{D}$. 

(3) If $\mathcal{D}$ derives $\Gamma, a\ \mathit{evalorder}, \Gamma' \vdash_{\mathrm{E}} e\ \varphi \Rightarrow S$ and $\Gamma \vdash \varepsilon\ \mathit{evalorder}$, 
then $\mathcal{D}'$ derives $\Gamma, [\varepsilon/a]\Gamma' \vdash_{\mathrm{E}} e\ \varphi \Rightarrow [\varepsilon/a]S$ where $\mathcal{D}'$ is not larger than $\mathcal{D}$. 

Proof. Part (1): By induction on the first derivation. Part (1) does not depend on the other parts. 
Parts (2) and (3): By induction on the given derivation, using part (1): 

• Case E∀Intro: By i.h. and E∀Intro. 

• Case E∀Elim: $\dfrac{\Gamma, a\ \mathit{evalorder}, \Gamma' \vdash_{\mathrm{E}} e\ \varphi \Rightarrow \forall\alpha.\,S_0 \qquad \Gamma, a\ \mathit{evalorder}, \Gamma' \vdash S'\ \mathit{type}}{\Gamma, a\ \mathit{evalorder}, \Gamma' \vdash_{\mathrm{E}} e\ \varphi \Rightarrow [S'/\alpha]S_0}$ 

  $\Gamma, a\ \mathit{evalorder}, \Gamma' \vdash_{\mathrm{E}} e\ \varphi \Rightarrow \forall\alpha.\,S_0$ (Subderivation) 
  $\Gamma, [\varepsilon/a]\Gamma' \vdash_{\mathrm{E}} e\ \varphi \Rightarrow [\varepsilon/a](\forall\alpha.\,S_0)$ (By i.h.) 
  $\Gamma, [\varepsilon/a]\Gamma' \vdash_{\mathrm{E}} e\ \varphi \Rightarrow \forall\alpha.\,[\varepsilon/a]S_0$ (By def. of subst.) 
  $\Gamma, a\ \mathit{evalorder}, \Gamma' \vdash S'\ \mathit{type}$ (Subderivation) 
  $\Gamma, [\varepsilon/a]\Gamma' \vdash [\varepsilon/a]S'\ \mathit{type}$ (By part (1)) 
  $\Gamma, [\varepsilon/a]\Gamma' \vdash_{\mathrm{E}} e\ \varphi \Rightarrow [[\varepsilon/a]S'/\alpha][\varepsilon/a]S_0$ (By E∀Elim) 
  $\Gamma, [\varepsilon/a]\Gamma' \vdash_{\mathrm{E}} e\ \varphi \Rightarrow [\varepsilon/a][S'/\alpha]S_0$ (By def. of subst.) 

• Case Evar: $\dfrac{(x : S) \in (\Gamma, a\ \mathit{evalorder}, \Gamma')}{\Gamma, a\ \mathit{evalorder}, \Gamma' \vdash_{\mathrm{E}} x\ \mathit{val} \Rightarrow S}$ 

  Follows from the definition of substitution on contexts. 

• Case Efixvar: Similar to the Evar case. 

The remaining cases are straightforward, using the i.h. and properties of substitution. □ 

Lemma 22 (Type substitution). 

(1) If $\Gamma \vdash S'\ \mathit{type}$ and $\Gamma, \alpha\ \mathit{type} \vdash S\ \mathit{type}$ then $\Gamma \vdash [S'/\alpha]S\ \mathit{type}$. 

(2) If $\Gamma \vdash S'\ \mathit{type}$ and $\Gamma, \alpha\ \mathit{type} \vdash e\ \varphi : S \hookrightarrow M$ then $\Gamma \vdash e\ \varphi : [S'/\alpha]S \hookrightarrow M$. 

Proof. In each part, by induction on the second derivation. In part (2), the elab∀Elim case uses part (1). □ 

Lemma 8 (Expression substitution). 

(1) If $\Gamma \vdash e_1\ \varphi_1 : S_1 \hookrightarrow W$ and $\Gamma, x : S_1, \Gamma' \vdash e_2\ \varphi_2 : S \hookrightarrow M$ 
then $\Gamma, \Gamma' \vdash [e_1/x]e_2\ \varphi_2 : S \hookrightarrow [W/x]M$. 

(2) If $\Gamma \vdash \mathsf{fix}\,u.\,e_1\ \varphi : S_1 \hookrightarrow \mathsf{fix}\,u.\,M_1$ 
and $\Gamma, u : S_1, \Gamma' \vdash e_2\ \varphi_2 : S \hookrightarrow M$ 
then $\Gamma, \Gamma' \vdash [(\mathsf{fix}\,u.\,e_1)/u]e_2\ \varphi_2 : S \hookrightarrow [(\mathsf{fix}\,u.\,M_1)/u]M$. 

Proof. Part (1): By induction on the given derivation. In the elabvar case, use Lemma 5 to get $\Gamma \vdash e_1\ \mathit{val} : S_1 \hookrightarrow W$. By weakening, 
$\Gamma, \Gamma' \vdash e_1\ \mathit{val} : S_1 \hookrightarrow W$, which is $\Gamma, \Gamma' \vdash [e_1/x]x\ \mathit{val} : S \hookrightarrow [W/x]M$. 

Part (2): By induction on the given derivation. Note that in the elabfixvar case, $\varphi_2 = \top$. □ 
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Theorem 10 (Elaboration type soundness). 

If T I~e e <p <(= S or r l- E e <p =)> S 

where T h S type and F contains no a evalorder declarations 
then there exists M such that F I- er[e) S «—> M 
where cp'Cip and |F| hj M : |S|. 


Proof. By induction on the size of the given derivation. If cp' = cp, we often don’t bother to state cp C tp explicitly. 


• Case 


(x : S) e F 
F F E x va |=^ S 


lEvarl 


(x : S) e r 

ia- T h er(x) cp: S x 
(x : |S|) 6 |F| 
m- in F T x : |S| 


Premise 
Bv le/abvarl 
By def. of |—| 
Bv ITvarl 


• Case lEfixvarl Similar to the lEvarl case. 


f| "U. . S F E eo cpo ^ S —.— 

----- lEfixl 

F F E (fix u. eo) y<(= S 

F, u : S F E eo <po 4= S 
F,u : S F er(e 0 ) S M 0 
|F,u:S| b T M 0 : |S| 

|r|,u:|S| b T M 0 : |S| 


Subderivation 

By i.h. 

// 

By def. of |—| 


15 - 

ia- 


T,u : S F er(eo) y: S •—> fixu. Mo Bv le/abfixl 
|r| F t (fixu. M 0 ):|S| BvlTfixl 


• Case 


F F e e cp=)> S 
F F E e cp<= S 


lEsubl 


F F e e cp=> S Subderivation 

is- F F er(e) S » M By i.h. 

«#• cp' O cp " 

k- |F| F t M : |S| " 


Case 


T F e eo cp<(= S 

--- 1 

F F e (eo : S) cp S 

F F e eo cp<(= S 
F F er(e 0 ) cp': S 
cp' C«p 


anno 


M 


IH Ft M:|S| 

F F er((e 0 :S)) v >: S «-> M 


Subderivation 

By i.h. 
n 

n 

By def. of er(—) 


Case 


- lEUntrol 


r f e o va i<(= i 

F F er(()) cp: 1 ^ 0 
|F| Ft 0:1 
|F| F t 0 : |1| 


Bv le/abllntrol 
Bv lTlIntrol 
By def. of |—| 


• Case 


F, a evalorder F E e va |<(= So 
F F e e vai - ^ /-la. So 


lEillntrol 
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F, a E e e va |<= S 0 

Subd. 


F E e e va |^= [V/a]So 

By Lemma|7](2) 


F E er(e) va p [V/a]S 0 M v 

By i.h. 


in M v : |[V/a]S 0 | 

// 


F E e e va |<E= [N/a]So 

By Lemma|7](2) 


F E er(e) va p [N/a]S 0 M N 

By i.h. 


|F| Ex Mm : |[N/a]So 1 

// 

■3* 

F E er(e) va! : fla.S 0 (M v , M N ) 

Bvle/abUIntrol 


F Ex (M v , M n ) : Si * S 2 

BvlT*lntrol 

■3C 

|F| Ex (M v , M n ) : Ifla.Sol 

By def. of |—| 

Case 

F Ee e (p ^- fla. So F E e evalorder 




lEUEIiml 


r E er(e) fla.S 0 ^ M 0 Byi.h. 

cp 7 C cp 77 

IH E x M 0 :|[V/a]Sol*|[N/a]S 0 | " 

If e = V then: 

«a- F E er(e) [V/a]So ^-iproji Mo Bv le/abZlEliml 
w |F| E T proji M 0 : I[V/a]S 0 1 By |T*Elim7| 

Otherwise, e ^ V. It is given that F contains no a-declarations, and we also have The evalorder. It follows that e cannot be a 
variable a. Therefore e = N. 

*§■ P h er(e) (p/: [N/a]So proj 2 Mo Bv le/abHEIiml 
w |F| Ex proj 2 Mq : |[N/a]So| By |T*Elim 2 l 


Case 


F Eg e (p<= So 
f Ee e (p<= e^So 

r Ee e cp<^= So 


H VIntrol flirst conclusion) 


Subderivation 
F E er(e) So •—> Mo By i.h. 
cp'Ccp 

IH Et Mo : |Sol 

By similar reasoning as in the lEHENml case. either e = V or e = N. 
If e = V: 


|Sol — |V^Sol 

Let M = M 0 . 

F E er(e) V*-S 0 

cp 7 C(p 

IH E x M: IV^SqI 


By def. of |—| 


M Bv le/afc»-lntrol (first conclusion) 

Above 

By above equality 

If e = N: 

U |Sol = |N►SoI By def. of |—| 

Let M = thunk Mo. 

is- F E er(e) va |i N^So thunk Mo By [e/ab^Tntro] (second conclusion) 

By def. of C 
Bv IT—llntrol 


«*• val C cp 

|F| Ex thunk Mo : U |Sq| 


Ex M : | N ►So I 


By above equalities 


Case 


F E e e <p/^= So 
F E e e va |<= N*-S ( 


- IIV Introl isccond conclusion) 
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r l-E e cp'^= s 0 

F I- er(e) v '\ S 0 M 0 
^p' Cep 

|r| t - t Mo : |Sol 
U [S 0 | = IN►SoI 
Let M = thunk Mo- 

F h er(e) V ai : N^So > thunk Mo 
val C cp 

|F| hx thunk Mo : U |So| 

IH hx M : |N►SoI 


Subderivation 

By i.h. 

// 

// 

By def. of |—| 

B v le/afofr- Introl fsccond conclusion) 
By def. of C 
Bv IT— > I ntrol 
By above equalities 


Case 


r ^ e (p=)> V^S 


|E»-Elimv 1 


r h E e (p => s 

r l-E e (p=)> v^s 
F I- er[e) <p/: V*-S c —» Mo 
cp' Cep 

in bx Mo : |V^S| 

|V»S| = |S| 

Let M = M 0 . 

F I- er[e) v >: S M 
in I~t M:|S| 


Subderivation 

By i.h. 

// 

n 

By def. of |—| 

By |e/ab^Elimy| 

By above equalities 


Case 


r l~E e ,p'=> e^S 

r Le e t =¥ S 


|E»-Elim ~71 


By similar reasoning as in the lEHENml case. either e = V or e = N. 
If e = V, follow the|E^EIimy|case above. 


If e = N: 


r I - e e (p/=)> N^S 
P h er(e) v ": N^S » Mo 
IF | hx Mo : | N ► S | 

|N^S| = U |S| 

Let M = (force Mq). 
w P h er(e) y: S t —> force Mo 

«*• T CT 

in hx Mo : U |S| 

«a- |F| hx force Mo : |S| 


Subderivation 
By i.h. 

ii 

By def. of |—[ 

By \elabt^E\ i m [\| | 

By def. of C 

Above (|N^S| = U |S|) 

Bv lTUEIiml 


r h E ei cp , <= Si r h E e 2 <p 2 <= S 2 —-. 

- lE*lntrol 

r Le (ei , e 2 > cp,u l p 2 < ^= (Si * S 2 ) 

F h er(ei) v : Si Mi 
<pi ntpi 

|r| hx Mi : Si | 


By i.h. 

ii 

ii 


T h er(e 2 ) cp: S2 •-> M2 

<P 2 

IH hx M-2 ‘ IS 2 I 

r h (er(ei), er(e 2 )) cp^ucp': (Si * 
«a- cp) U cp) C cpi U Cp 2 

|r| hx (Mi, M2) : |S11 * IS2I 

w in hx (Mi, M2) : |Si * S2I 


By i.h. 
n 

n 

«—> (Mi, M 2 ) Bv le/ab*lntrol 

cp) Ccpi and cp) C cp 2 
By[T*Tntro] 

By def. of |— | 
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• Case 


r l-E eo 


(Si * S2) 


r b E (projk eo) T=^ s k 


|E*Elimk1 


r I- er(e 0 ) <p/: (Si * S 2 ) ‘ 
1 b T M 0 : |S, * S 2 I 
1 l“T M 0 : |S, | * |S 2 | 

r I- (proj k er(e 0 )) t- S k 
1 l“T (pr°j k M 0 ) : |S k | 


M 0 


By i.h. 


By def. of |—| 


(projkMo) By |e/ab*Elim k | 
By |T *Elim^1 


Case 


F> x : Si ! , 60 <po V= S 2 
P l-E (Ax. eo) va |<^= (Si —> S2) 


IE— >lntrol 


• Case 


r,x : Si b er(e 0 ) S 2 M 0 

By i.h. 

|F,x : Si b T M 0 : S 2 

// 

|F,x : S, | = (|F|,x:!Si|) 

By def. of |—| 

r,x : Si b er(e 0 ) v > o : S 2 ^ M 0 

Above 

F b (Ax. e 0 ) va |: (Si -> S 2 ) (Ax. M 0 ) 

Bvle/ab— dntrol 

|r|,x : Si bx M 0 : S 2 

Above 

|F|,x:|Si| b T (Ax. M 0 ) : |S, | —> S 2 

BvIT— dntrol 

|r|,x:|Si[ bx (Ax. Mo) : |Si — > S 2 | 

By def. of — | 

r b E ei (p, (Si — > S) F b E e 2 (p,<bSi -_—. 

- E— >Elim 


T h er(ei) (S' - 
1 b T M, : |S' -> S| 

1 b T M, : |S'| —> |S| 


S)hM, 


m 2 


By i.h. 

// 

By def. of |— 
By i.h. 


T h er(e 2 ) v >: S' 

| l~x M 2 : |S'| ' 

T b er(ei 0 e 2 ) t : (S' — > S) «—> (Mi M 2 ) Bv le/ab— >Eliml 
1 b T (M, M 2 ) : |S| Bv lT->Eliml 


• Case 


r, a type b E e 0 va i<= So 
P b E Aa. eo V ai^= Va. So 


lEVIntrol 


r, a type b E eo V ai<= So 
r, a type b er(e 0 ) va |: S 0 M 0 
|T, a type| b T M 0 : |S 0 | 

|f|, a type b T M 0 : |S 0 | 


Subderivation 

By i.h. 

// 

By def. of |—[ 


F b er(eo) va i: Va. So A_. M 0 

w P b er(Aa. eo) va |: Va. So A_. Mo 

IH bj A_. Mo : Va. |So I 

•s’ in bx A_. Mo : |Va. So 


Bv le/abVIntrol 
By def. of er(—) 
Bv ITVIntrol 
By def. of subst. 


• Case p |_ (p=^>Va. So F b S'type _ 

--- 7 - 7 -— lEVEIiml 

F b E eo [S ] cp => [S /a]So 
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r b E e 0 (p=^Va. So Subderivation 

T I- er(eo) cp ,: Va. So Mo By i.h. 

«■ cp' C cp 

IH hj Mq : |Va. Sol 


«■ 


T b S'type 

T b er(e 0 ) v '\ [S'/a]So •-> M 0 [_] 

T b er(e 0 [S']) [S'/a]S 0 » M 0 [_] 

in b is'i 


Subderivation 
Bv le/abVEIiml 
By def. of er(—) 
By Lemma|9] 


in Hr Mq : Va. |Sol 

in b T M 0 [_] : [|S'|/a]|S 0 | 

[|S'|/a]|S 0 | = ItS'/alSol 
«■ |F| hr M 0 [_] :|tS7a]S 0 | 


By def. of |—| 
Bv ITVEIiml 
From def. of subst. 
By above equality 


• Case
\[\dfrac{\Gamma \vdash_E e_0\ \phi \Leftarrow S_k}{\Gamma \vdash_E (\mathsf{inj}_k\,e_0)\ \phi \Leftarrow (S_1 + S_2)}\ \text{E}{+}\text{Intro}_k\]
\[\begin{array}{l@{\qquad}l}
\Gamma \vdash_E e_0\ \phi \Leftarrow S_k & \text{Subderivation}\\
\Gamma \vdash \mathrm{er}(e_0)\ \phi' : S_k \hookrightarrow M_0 & \text{By i.h.}\\
\phi' \sqsubseteq \phi & \text{″}\\
|\Gamma| \vdash_T M_0 : |S_k| & \text{″}\\
\Gamma \vdash \mathsf{inj}_k\,\mathrm{er}(e_0)\ \phi' : (S_1 + S_2) \hookrightarrow \mathsf{inj}_k\,M_0 & \text{By elab}{+}\text{Intro}_k\\
|\Gamma| \vdash_T \mathsf{inj}_k\,M_0 : |S_1| + |S_2| & \text{By T}{+}\text{Intro}_k\\
|\Gamma| \vdash_T \mathsf{inj}_k\,M_0 : |S_1 + S_2| & \text{By def. of } |{-}|
\end{array}\]


• Case
\[\dfrac{\Gamma \vdash_E e_0\ \phi_0 \Rightarrow (S_1 + S_2) \qquad \Gamma, x_1{:}S_1 \vdash_E e_1\ \phi_1 \Leftarrow S \qquad \Gamma, x_2{:}S_2 \vdash_E e_2\ \phi_2 \Leftarrow S}{\Gamma \vdash_E \mathsf{case}(e_0, x_1.e_1, x_2.e_2)\ \top \Leftarrow S}\ \text{E}{+}\text{Elim}\]
\[\begin{array}{l@{\qquad}l}
\Gamma \vdash_E e_0\ \phi_0 \Rightarrow S_1 + S_2 & \text{Subderivation}\\
\Gamma \vdash \mathrm{er}(e_0)\ \phi_0' : (S_1 + S_2) \hookrightarrow M_0 & \text{By i.h.}\\
|\Gamma| \vdash_T M_0 : |S_1 + S_2| & \text{″}\\
|\Gamma| \vdash_T M_0 : |S_1| + |S_2| & \text{By def. of } |{-}|\\
\Gamma, x_1{:}S_1 \vdash_E e_1\ \phi_1 \Leftarrow S & \text{Subderivation}\\
\Gamma, x_1{:}S_1 \vdash \mathrm{er}(e_1)\ \phi_1' : S \hookrightarrow M_1 & \text{By i.h.}\\
|\Gamma, x_1{:}S_1| \vdash_T M_1 : |S| & \text{″}\\
|\Gamma|, x_1{:}|S_1| \vdash_T M_1 : |S| & \text{By def. of } |{-}|\\
\Gamma, x_2{:}S_2 \vdash \mathrm{er}(e_2)\ \phi_2' : S \hookrightarrow M_2 & \text{Similar to above}\\
|\Gamma|, x_2{:}|S_2| \vdash_T M_2 : |S| & \text{″}\\
\Gamma \vdash \mathrm{er}(\mathsf{case}(e_0, x_1.e_1, x_2.e_2))\ \top : S \hookrightarrow \mathsf{case}(M_0, x_1.M_1, x_2.M_2) & \text{By elab}{+}\text{Elim}\\
|\Gamma| \vdash_T \mathsf{case}(M_0, x_1.M_1, x_2.M_2) : |S| & \text{By T}{+}\text{Elim}
\end{array}\]


• Case
\[\dfrac{\Gamma \vdash_E e\ \phi \Leftarrow [(\mu\alpha.\,S_0)/\alpha]S_0}{\Gamma \vdash_E e\ \phi \Leftarrow \mu\alpha.\,S_0}\ \text{E}\mu\text{Intro}\]
\[\begin{array}{l@{\qquad}l}
\Gamma \vdash_E e\ \phi \Leftarrow [(\mu\alpha.\,S_0)/\alpha]S_0 & \text{Subderivation}\\
\Gamma \vdash \mathrm{er}(e)\ \phi' : [(\mu\alpha.\,S_0)/\alpha]S_0 \hookrightarrow M_0 & \text{By i.h.}\\
\phi' \sqsubseteq \phi & \text{″}\\
|\Gamma| \vdash_T M_0 : |[(\mu\alpha.\,S_0)/\alpha]S_0| & \text{″}\\
\Gamma \vdash \mathrm{er}(e)\ \phi' : (\mu\alpha.\,S_0) \hookrightarrow (\mathsf{roll}\ M_0) & \text{By elab}\mu\text{Intro}\\
|[(\mu\alpha.\,S_0)/\alpha]S_0| = [|\mu\alpha.\,S_0|/\alpha]|S_0| & \text{From def. of } |{-}|\\
|\Gamma| \vdash_T M_0 : [|\mu\alpha.\,S_0|/\alpha]|S_0| & \text{By above equality}\\
|\Gamma| \vdash_T (\mathsf{roll}\ M_0) : \mu\alpha.\,|S_0| & \text{By T}\mu\text{Intro}\\
|\Gamma| \vdash_T (\mathsf{roll}\ M_0) : |\mu\alpha.\,S_0| & \text{By def. of subst.}
\end{array}\]


• Case
\[\dfrac{\Gamma \vdash_E e\ \phi \Rightarrow \mu\alpha.\,S_0}{\Gamma \vdash_E e\ \top \Rightarrow [(\mu\alpha.\,S_0)/\alpha]S_0}\ \text{E}\mu\text{Elim}\]
Broadly similar to the EμIntro case. □

B.6 Consistency 

Lemma 11 (Inversion). Given $\cdot \vdash e\ \phi : \underbrace{\mathsf{V}{\triangleright}\cdots\mathsf{V}{\triangleright}}_{\text{0 or more}} S \hookrightarrow M$:

(0) If $M = (\lambda x.\,M_0)$ and $S = (S_1 \to S_2)$ then $e = (\lambda x.\,e_0)$ and $\cdot, x{:}S_1 \vdash e_0\ \phi : S_2 \hookrightarrow M_0$.

(1) If $M = (W_1, W_2)$ and $S = (\Pi\alpha.\,S_0)$ then $\cdot \vdash e\ \phi : [\mathsf{V}/\alpha]S_0 \hookrightarrow W_1$ and $\cdot \vdash e\ \phi : [\mathsf{N}/\alpha]S_0 \hookrightarrow W_2$.

(2) If $M = \mathsf{thunk}\ M_0$ and $S = \mathsf{N}{\triangleright}S_0$ then $\cdot \vdash e\ \phi : S_0 \hookrightarrow M_0$.

(3) If $M = \Lambda\_.\,M_0$ and $S = (\forall\alpha.\,S_0)$ then $\cdot, \alpha\ \mathsf{type} \vdash e\ \mathsf{val} : S_0 \hookrightarrow M_0$.

(4) If $M = (\mathsf{inj}_k\,W)$ and $S = (S_1 + S_2)$ then $e = (\mathsf{inj}_k\,e')$ and $\cdot \vdash e'\ \phi : S_k \hookrightarrow W$.

(5) If $M = (\mathsf{roll}\ W)$ and $S = (\mu\alpha.\,S_0)$ then $\cdot \vdash e\ \phi : [(\mu\alpha.\,S_0)/\alpha]S_0 \hookrightarrow W$.

(6) If $M = (W_1, W_2)$ and $S = (S_1 * S_2)$ then $\cdot \vdash e_1\ \phi_1 : S_1 \hookrightarrow W_1$ and $\cdot \vdash e_2\ \phi_2 : S_2 \hookrightarrow W_2$, where $e = (e_1, e_2)$ and $\phi = \phi_1 \sqcup \phi_2$.

Proof. By induction on the given derivation. 

For some rules, the proof cases are the same for all parts: 




• Cases elab▹Intro (V conclusion), elab▹Elim_V: The result follows by i.h. In the elab▹Intro case, we apply the i.h. with one less V▹; in the elab▹Elim_V case, we have one more V▹.


For part (0):

• Case elab→Intro: The subderivation gives the result.

For part (1):

• Case elabΠIntro: The subderivations give the result.

For part (2):

• Case elab▹Intro (N conclusion): The subderivation gives the result.

For part (3):

• Case elab∀Intro: The subderivation gives the result.

For part (4):

• Case elab+Intro_k: The subderivation gives the result.

For part (5):

• Case elabμIntro: The subderivation gives the result.

For part (6):

• Case elab*Intro: The subderivations give the result.

All other cases are impossible: either M has the wrong form, or S has the wrong form. □


Lemma 12 (Syntactic values).

If $\Gamma \vdash e\ \mathsf{val} : S \hookrightarrow W$ and $W$ is N-free then $e$ is a syntactic value.

Proof. By induction on the given derivation.

• Cases elab1Intro, elabvar, elab→Intro: Immediate: the rule requires that e is a syntactic value.

• Cases elab▹Elim_N, elabfixvar, elabfix, elab→Elim, elab*Elim_k, elab+Elim: Impossible: these rules require the annotation to be ⊤, not val.

• Case elab▹Intro (N-conclusion): Impossible: thunk M0 is not N-free.

• Case elabμElim: Impossible: unroll M0 is not a value W.

• Cases elab∀Intro, elab∀Elim, elab▹Intro (V-conclusion), elab▹Elim_V: Apply the i.h. to the subderivation.

• Cases elab*Intro, elab+Intro_k, elabμIntro: Apply the i.h. to the subderivation(s).

• Case elabΠIntro: Apply the i.h. to the $\Gamma \vdash e\ \mathsf{val} : [\mathsf{V}/\alpha]S_0 \hookrightarrow W_1$ subderivation.

• Case elabΠElim: Impossible: W must be a projection, but projections are not values. □


Theorem 14 (Consistency).

If $\cdot \vdash e\ \phi : S \hookrightarrow M$ and $M \mapsto M'$ then there exists $e'$ such that $e \rightsquigarrow^* e'$ and $\cdot \vdash e'\ \phi' : S \hookrightarrow M'$ and $\phi' \sqsubseteq \phi$.

Moreover: (1) If $\phi = \mathsf{val}$ then $e' = e$. (2) If $M$ is N-free then $e \rightsquigarrow^* e'$ can be derived without using SrcStepCtxN.

Proof. By induction on the derivation of $\cdot \vdash e\ \phi : S \hookrightarrow M$.


• Cases elabvar, elabfixvar: Impossible, because the typing context is empty.

• Case
\[\dfrac{\cdot, u{:}S \vdash e_0\ \phi : S \hookrightarrow M_0}{\cdot \vdash (\mathsf{fix}\,u.\,e_0)\ \top : S \hookrightarrow (\mathsf{fix}\,u.\,M_0)}\ \text{elabfix}\]
\[\begin{array}{l@{\qquad}l}
\cdot, u{:}S \vdash e_0\ \phi : S \hookrightarrow M_0 & \text{Subderivation}\\
(\mathsf{fix}\,u.\,M_0) \mapsto M' & \text{Given}\\
M' = [(\mathsf{fix}\,u.\,M_0)/u]M_0 & \text{By inversion on rule fixReduce}\\
(\mathsf{fix}\,u.\,e_0) \rightsquigarrow [(\mathsf{fix}\,u.\,e_0)/u]e_0 & \text{By fixVreduce and SrcStepCtxV}\\
\cdot \vdash (\mathsf{fix}\,u.\,e_0)\ \top : S \hookrightarrow (\mathsf{fix}\,u.\,M_0) & \text{Given}\\
\cdot, u{:}S \vdash e_0\ \phi : S \hookrightarrow M_0 & \text{Subderivation}\\
\cdot \vdash [(\mathsf{fix}\,u.\,e_0)/u]e_0\ \phi : S \hookrightarrow [(\mathsf{fix}\,u.\,M_0)/u]M_0 & \text{By Lemma 8(2)}\\
(1)\ \text{(holds vacuously)} & \phi = \top\\
(2)\ \text{Derivation does not use SrcStepCtxN}
\end{array}\]


• Case
\[\dfrac{}{\cdot \vdash ()\ \mathsf{val} : 1 \hookrightarrow ()}\ \text{elab1Intro}\]
Impossible, since $M = ()$ but $() \mapsto M'$ is not derivable.

• Case
\[\dfrac{\cdot, x{:}S_1 \vdash e_0\ \phi : S_2 \hookrightarrow M_0}{\cdot \vdash (\lambda x.\,e_0)\ \mathsf{val} : (S_1 \to S_2) \hookrightarrow \lambda x.\,M_0}\ \text{elab}{\to}\text{Intro}\]
Impossible, since $M = \lambda x.\,M_0$ but $(\lambda x.\,M_0) \mapsto M'$ is not derivable.
• Case
\[\dfrac{\cdot \vdash e_1\ \phi_1 : (S_1 \to S) \hookrightarrow M_1 \qquad \cdot \vdash e_2\ \phi_2 : S_1 \hookrightarrow M_2}{\cdot \vdash (e_1 \mathbin{@} e_2)\ \top : S \hookrightarrow (M_1\ M_2)}\ \text{elab}{\to}\text{Elim}\]

First, note that $\phi = \top$ so "moreover" part (1) is vacuously satisfied.

We have $(M_1\ M_2) \mapsto M'$. By inversion on StepContext, $M = (M_1\ M_2) = \mathcal{C}[M_0]$ and $M' = \mathcal{C}[M_0']$. From $(M_1\ M_2) = \mathcal{C}[M_0]$ and the definition of $\mathcal{C}$, either $\mathcal{C} = [\,]$, or $\mathcal{C} = (\mathcal{C}_1\ M_2)$, or $\mathcal{C} = (M_1\ \mathcal{C}_2)$ with $M_1$ a value.


■ If $\mathcal{C} = [\,]$, then $M = M_0$ and $M' = M_0'$. By inversion on βReduce with $(M_1\ M_2) \mapsto_R M'$, we have $M_1 = (\lambda x.\,M_{\mathrm{body}})$ and $M_2 = W$ and $M' = [W/x]M_{\mathrm{body}}$.

If $M_1\ M_2$ is not N-free, then:
\[\begin{array}{l@{\qquad}l}
\cdot \vdash e_1\ \phi_1 : (S_1 \to S) \hookrightarrow (\lambda x.\,M_{\mathrm{body}}) & \text{Subderivation}\\
e_1 = (\lambda x.\,e_{\mathrm{body}}) & \text{By Lemma 11(0)}\\
\cdot, x{:}S_1 \vdash e_{\mathrm{body}}\ \phi_1 : S \hookrightarrow M_{\mathrm{body}} & \text{″}\\
\cdot \vdash e_2\ \phi_2 : S_1 \hookrightarrow W & \text{Subderivation } (M_2 = W)\\
\cdot \vdash [e_2/x]e_{\mathrm{body}}\ \phi' : S \hookrightarrow [W/x]M_{\mathrm{body}} & \text{By Lemma 8(1)}\\
\phi' \sqsubseteq \phi & \text{″}\\
(\lambda x.\,e_{\mathrm{body}}) \mathbin{@} e_2 \rightsquigarrow_{RN} [e_2/x]e_{\mathrm{body}} & \text{By }\beta\text{Nreduce}\\
(\lambda x.\,e_{\mathrm{body}}) \mathbin{@} e_2 \rightsquigarrow [e_2/x]e_{\mathrm{body}} & \text{By SrcStepCtxN}
\end{array}\]

If $M_1\ M_2$ is N-free, then:
\[\begin{array}{l@{\qquad}l}
\cdot \vdash e_1\ \phi_1 : (S_1 \to S) \hookrightarrow (\lambda x.\,M_{\mathrm{body}}) & \text{Subderivation}\\
e_1 = (\lambda x.\,e_{\mathrm{body}}) & \text{By Lemma 11(0)}\\
\cdot, x{:}S_1 \vdash e_{\mathrm{body}}\ \phi_1 : S \hookrightarrow M_{\mathrm{body}} & \text{″}\\
\cdot \vdash e_2\ \phi_2 : S_1 \hookrightarrow W & \text{Subderivation } (M_2 = W)\\
\cdot \vdash e_2\ \mathsf{val} : S_1 \hookrightarrow W & \text{By Lemma 5}\\
W \text{ is N-free} & M_1\ W \text{ is N-free}\\
\cdot \vdash v\ \mathsf{val} : S_1 \hookrightarrow W & \text{By Lemma 12 } (e_2 = v)\\
\cdot \vdash [v/x]e_{\mathrm{body}}\ \phi' : S \hookrightarrow [W/x]M_{\mathrm{body}} & \text{By Lemma 8(1)}\\
\phi' \sqsubseteq \phi & \text{″}\\
(\lambda x.\,e_{\mathrm{body}}) \mathbin{@} v \rightsquigarrow_{RV} [v/x]e_{\mathrm{body}} & \text{By }\beta\text{Vreduce}\\
(\lambda x.\,e_{\mathrm{body}}) \mathbin{@} v \rightsquigarrow [v/x]e_{\mathrm{body}} & \text{By SrcStepCtxV}
\end{array}\]


■ If $\mathcal{C} = (\mathcal{C}_1\ M_2)$, then:
\[\begin{array}{l@{\qquad}l}
M_1\ M_2 \mapsto M' & \text{Given}\\
\mathcal{C}_1[M_R]\ M_2 \mapsto \mathcal{C}_1[M_R']\ M_2 & \text{By inversion on rule StepContext}\\
M_R \mapsto_R M_R' & \text{″}\\
\mathcal{C}_1[M_R] \mapsto \mathcal{C}_1[M_R'] & \text{By StepContext}\\
M_1 \mapsto M_1' & \text{By known equalities}\\
\cdot \vdash e_1\ \phi_1 : (S_1 \to S) \hookrightarrow M_1 & \text{Subderivation}\\
e_1 \rightsquigarrow^* e_1' & \text{By i.h.}\\
\cdot \vdash e_1'\ \phi_1' : (S_1 \to S) \hookrightarrow M_1' & \text{″}\\
e_1 \mathbin{@} e_2 \rightsquigarrow^* e_1' \mathbin{@} e_2 & \text{By SrcStepCtxV}\\
\cdot \vdash e_1' \mathbin{@} e_2\ \top : S \hookrightarrow M_1'\ M_2 & \text{By elab}{\to}\text{Elim}
\end{array}\]

If $M$ is N-free, then $M_1$ is N-free and the i.h. is sufficient for "moreover" part (2).

■ If $\mathcal{C} = (M_1\ \mathcal{C}_2)$ where $M_1$ is a value, then we have $M_2 \mapsto M_2'$.

If $M$ is not N-free, then:
\[\begin{array}{l@{\qquad}l}
\cdot \vdash e_2\ \phi_2 : S_1 \hookrightarrow M_2 & \text{Subderivation}\\
e_2 \rightsquigarrow^* e_2' & \text{By i.h.}\\
\cdot \vdash e_2'\ \phi_2' : S_1 \hookrightarrow M_2' & \text{″}\\
e_1 \mathbin{@} e_2 \rightsquigarrow^* e_1 \mathbin{@} e_2' & \text{By SrcStepCtxN}\\
\cdot \vdash e_1 \mathbin{@} e_2'\ \top : S \hookrightarrow M_1\ M_2' & \text{By elab}{\to}\text{Elim}
\end{array}\]

If $M$ is N-free, then:
\[\begin{array}{l@{\qquad}l}
\cdot \vdash e_1\ \phi_1 : (S_1 \to S) \hookrightarrow M_1 & \text{Subderivation}\\
\cdot \vdash e_1\ \mathsf{val} : (S_1 \to S) \hookrightarrow M_1 & \text{By Lemma 5}\\
e_1 = v_1 & \text{By Lemma 12}\\
\cdot \vdash e_2\ \phi_2 : S_1 \hookrightarrow M_2 & \text{Subderivation}\\
e_2 \rightsquigarrow^* e_2' & \text{By i.h.}\\
\cdot \vdash e_2'\ \phi_2' : S_1 \hookrightarrow M_2' & \text{″}\\
v_1 \mathbin{@} e_2 \rightsquigarrow^* v_1 \mathbin{@} e_2' & \text{By SrcStepCtxV}\\
\cdot \vdash v_1 \mathbin{@} e_2'\ \top : S \hookrightarrow M_1\ M_2' & \text{By elab}{\to}\text{Elim}
\end{array}\]


• Case
\[\dfrac{\cdot \vdash e\ \mathsf{val} : [\mathsf{V}/\alpha]S_0 \hookrightarrow M_1 \qquad \cdot \vdash e\ \mathsf{val} : [\mathsf{N}/\alpha]S_0 \hookrightarrow M_2}{\cdot \vdash e\ \mathsf{val} : (\Pi\alpha.\,S_0) \hookrightarrow (M_1, M_2)}\ \text{elab}\Pi\text{Intro}\]

By inversion on $(M_1, M_2) \mapsto M'$, either $M' = (M_1', M_2)$ and $M_1 \mapsto M_1'$, or $M' = (M_1, M_2')$ and $M_2 \mapsto M_2'$. In the first case:
\[\begin{array}{l@{\qquad}l}
\cdot \vdash e\ \mathsf{val} : [\mathsf{V}/\alpha]S_0 \hookrightarrow M_1 & \text{Subderivation}\\
M_1 \mapsto M_1' & \text{Above}\\
\cdot \vdash e\ \mathsf{val} : [\mathsf{V}/\alpha]S_0 \hookrightarrow M_1' & \text{By i.h. } (\phi = \mathsf{val} \text{ so } e' = e)\\
\cdot \vdash e\ \mathsf{val} : [\mathsf{N}/\alpha]S_0 \hookrightarrow M_2 & \text{Subderivation}\\
\cdot \vdash e\ \mathsf{val} : (\Pi\alpha.\,S_0) \hookrightarrow (M_1', M_2) & \text{By elab}\Pi\text{Intro}\\
\mathcal{D} :: e \rightsquigarrow^* e & \text{Zero steps}\\
(1)\ e' = e & \text{Above}\\
(2)\ \mathcal{D} \text{ does not use SrcStepCtxN} & \text{Zero steps in } e \rightsquigarrow^* e
\end{array}\]

The second case is similar.


• Case
\[\dfrac{\cdot \vdash e\ \phi : (\Pi\alpha.\,S_0) \hookrightarrow M_0}{\cdot \vdash e\ \phi : [\mathsf{V}/\alpha]S_0 \hookrightarrow (\mathsf{proj}_1\,M_0) \qquad \cdot \vdash e\ \phi : [\mathsf{N}/\alpha]S_0 \hookrightarrow (\mathsf{proj}_2\,M_0)}\ \text{elab}\Pi\text{Elim}\]

First conclusion:
\[\begin{array}{l@{\qquad}l}
(\mathsf{proj}_1\,M_0) \mapsto M' & \text{Given}
\end{array}\]
Either $M' = \mathsf{proj}_1\,M_0'$ where $M_0 \mapsto M_0'$, or $M' = W_1$ and $M_0 = (W_1, W_2)$.

■ In the first case:
\[\begin{array}{l@{\qquad}l}
\cdot \vdash e\ \phi : (\Pi\alpha.\,S_0) \hookrightarrow M_0 & \text{Subderivation}\\
M_0 \mapsto M_0' & \text{Above}\\
\cdot \vdash e'\ \phi' : (\Pi\alpha.\,S_0) \hookrightarrow M_0' & \text{By i.h.}\\
\mathcal{D} :: e \rightsquigarrow^* e' & \text{″}\\
(1)\ \text{If } \phi = \mathsf{val} \text{ then } e = e' & \text{″}\\
\text{If } M_0 \text{ is N-free then } \mathcal{D} \text{ does not use SrcStepCtxN} & \text{″}\\
(2)\ \text{If } (\mathsf{proj}_1\,M_0) \text{ is N-free then } \mathcal{D} \text{ does not use SrcStepCtxN} & \text{Definition of N-free}\\
\cdot \vdash e'\ \phi' : [\mathsf{V}/\alpha]S_0 \hookrightarrow M_0' & \text{By elab}\Pi\text{Elim}
\end{array}\]

■ In the second case:
\[\begin{array}{l@{\qquad}l}
\cdot \vdash e\ \phi : (\Pi\alpha.\,S_0) \hookrightarrow (W_1, W_2) & \text{Subderivation}\\
\cdot \vdash e\ \phi : [\mathsf{V}/\alpha]S_0 \hookrightarrow W_1 & \text{By Lemma 11(1)}\\
\mathsf{proj}_1\,(W_1, W_2) \mapsto W_1 & \text{Given}\\
(1)\ \text{Let } e' = e. & e' = e\\
\mathcal{D} :: e \rightsquigarrow^* e' & \text{Zero steps in } e \rightsquigarrow^* e'\\
(2)\ \mathcal{D} \text{ does not use SrcStepCtxN} & \text{″}
\end{array}\]

Second conclusion:

Either $M' = \mathsf{proj}_2\,M_0'$ where $M_0 \mapsto M_0'$, or $M' = W_2$ and $M_0 = (W_1, W_2)$.

■ In the first case: similar to the first subcase of the $[\mathsf{V}/\alpha]$ part above.

■ In the second case: similar to the second subcase of the $[\mathsf{V}/\alpha]$ part above.


• Case
\[\dfrac{\cdot, \alpha\ \mathsf{type} \vdash e\ \mathsf{val} : S \hookrightarrow M}{\cdot \vdash e\ \mathsf{val} : \forall\alpha.\,S \hookrightarrow \Lambda\_.\,M}\ \text{elab}\forall\text{Intro}\]

This case is impossible, because $(\Lambda\_.\,M) \mapsto M'$ is not derivable.

• Case
\[\dfrac{\cdot \vdash e\ \phi : \forall\alpha.\,S_0 \hookrightarrow M_0 \qquad \cdot \vdash S'\ \mathsf{type}}{\cdot \vdash e\ \phi : [S'/\alpha]S_0 \hookrightarrow M_0[\_]}\ \text{elab}\forall\text{Elim}\]
\[\begin{array}{l@{\qquad}l}
(M_0[\_]) \mapsto M' & \text{Given}\\
M_0 = (\Lambda\_.\,M') & \text{By inversion}\\
\cdot \vdash e\ \phi : \forall\alpha.\,S_0 \hookrightarrow M_0 & \text{Subderivation}\\
\cdot \vdash e\ \phi : \forall\alpha.\,S_0 \hookrightarrow (\Lambda\_.\,M') & \text{By above equality}\\
\cdot, \alpha\ \mathsf{type} \vdash e\ \mathsf{val} : S_0 \hookrightarrow M' & \text{By Lemma 11(3)}\\
\cdot \vdash e\ \mathsf{val} : [S'/\alpha]S_0 \hookrightarrow M' & \text{By Lemma [number illegible in source]}\\
e \rightsquigarrow^* e & \text{Zero steps}
\end{array}\]

"Moreover" parts (1) and (2) are immediately satisfied, because $e' = e$.

• Case
\[\dfrac{\cdot \vdash e\ \phi : S_0 \hookrightarrow M_0}{\cdot \vdash e\ \phi : \mathsf{V}{\triangleright}S_0 \hookrightarrow M_0 \qquad \cdot \vdash e\ \mathsf{val} : \mathsf{N}{\triangleright}S_0 \hookrightarrow \mathsf{thunk}\ M_0}\ \text{elab}{\triangleright}\text{Intro}\]

The second conclusion is not possible, because $(\mathsf{thunk}\ M_0) \mapsto M'$ is not derivable.

For the first conclusion: We have $M_0 = M$.
\[\begin{array}{l@{\qquad}l}
\cdot \vdash e\ \phi : S_0 \hookrightarrow M & \text{Subderivation}\\
\mathcal{D} :: e \rightsquigarrow^* e' & \text{By i.h.}\\
\cdot \vdash e'\ \phi' : S_0 \hookrightarrow M' & \text{″}\\
\phi' \sqsubseteq \phi & \text{″}\\
(1)\ \text{If } \phi = \mathsf{val} \text{ then } e = e' & \text{″}\\
(2)\ \text{If } M \text{ is N-free then } \mathcal{D} \text{ does not use SrcStepCtxN} & \text{″}\\
\cdot \vdash e'\ \phi' : \mathsf{V}{\triangleright}S_0 \hookrightarrow M' & \text{By elab}{\triangleright}\text{Intro}
\end{array}\]


• Case
\[\dfrac{\cdot \vdash e\ \phi : \mathsf{V}{\triangleright}S \hookrightarrow M}{\cdot \vdash e\ \phi : S \hookrightarrow M}\ \text{elab}{\triangleright}\text{Elim}_{\mathsf{V}}\]

By i.h. and elab▹Elim_V.
• Case
\[\dfrac{\cdot \vdash e\ \phi_0 : \mathsf{N}{\triangleright}S \hookrightarrow M_0}{\cdot \vdash e\ \top : S \hookrightarrow (\mathsf{force}\ M_0)}\ \text{elab}{\triangleright}\text{Elim}_{\mathsf{N}}\]

We have $(\mathsf{force}\ M_0) \mapsto M'$. If $M_0 \mapsto M_0'$, use the i.h. and then apply elab▹Elim_N. Otherwise, $M_0 = \mathsf{thunk}\ M'$.
\[\begin{array}{l@{\qquad}l}
\cdot \vdash e\ \phi_0 : \mathsf{N}{\triangleright}S \hookrightarrow \mathsf{thunk}\ M' & \text{Subderivation}\\
\cdot \vdash e\ \phi_0 : S \hookrightarrow M' & \text{By Lemma 11(2)}\\
\phi_0 \sqsubseteq \top & \text{By def. of } \sqsubseteq\\
e \rightsquigarrow^* e & \text{Zero steps}\\
(1)\ \text{(holds vacuously)} & \phi = \top\\
(2)\ \text{Derivation does not use SrcStepCtxN} & \text{Zero steps}
\end{array}\]
• Case
\[\dfrac{\cdot \vdash e_1\ \phi_1 : S_1 \hookrightarrow M_1 \qquad \cdot \vdash e_2\ \phi_2 : S_2 \hookrightarrow M_2}{\cdot \vdash (e_1, e_2)\ \phi : (S_1 * S_2) \hookrightarrow (M_1, M_2)}\ \text{elab}{*}\text{Intro}\]

Apply the i.h. to the appropriate subderivation, then apply elab*Intro and SrcStepCtxV.

"Moreover" part (1): If $\phi = \mathsf{val}$, the i.h. shows that $e_1' = e_1$ (or $e_2' = e_2$ if $M_2 \mapsto M_2'$); thus, $(e_1', e_2) = (e_1, e_2)$ (or $(e_1, e_2') = (e_1, e_2)$).

"Moreover" part (2): If $(M_1, M_2)$ is N-free, then $M_1$ and $M_2$ are N-free, and the i.h. shows that $\mathcal{D}_k :: e_k \rightsquigarrow^* e_k'$ does not use SrcStepCtxN. Therefore $(e_1, e_2) \rightsquigarrow^* \ldots$ does not use SrcStepCtxN.


• Case
\[\dfrac{\cdot \vdash e_0\ \phi_0 : (S_1 * S_2) \hookrightarrow M_0}{\cdot \vdash (\mathsf{proj}_k\,e_0)\ \top : S_k \hookrightarrow (\mathsf{proj}_k\,M_0)}\ \text{elab}{*}\text{Elim}_k\]

We have $(\mathsf{proj}_k\,M_0) \mapsto M'$.

If $M_0 \mapsto M_0'$ then use the i.h. and apply elab*Elim_k.

Otherwise, $M_0 = (W_1, W_2)$ and $M' = W_k$.

■ If $M$ is not N-free, we can use projNreduce:
\[\begin{array}{l@{\qquad}l}
\cdot \vdash e_k\ \phi_k : S_k \hookrightarrow W_k & \text{By Lemma 11(6)}\\
e_0 = (e_1, e_2) & \text{″}\\
\mathsf{proj}_k\,(e_1, e_2) \rightsquigarrow e_k & \text{By projNreduce}
\end{array}\]

"Moreover" part (2): $M$ is not N-free.

■ If $M$ is N-free, we have the obligation not to use projNreduce.
\[\begin{array}{l@{\qquad}l}
\cdot \vdash e_0\ \phi_0 : (S_1 * S_2) \hookrightarrow (W_1, W_2) & \text{Subderivation}\\
\cdot \vdash e_0\ \mathsf{val} : (S_1 * S_2) \hookrightarrow (W_1, W_2) & \text{By Lemma 5}\\
\cdot \vdash v\ \mathsf{val} : (S_1 * S_2) \hookrightarrow (W_1, W_2) & \text{By Lemma 12}\\
\cdot \vdash (v_1, v_2)\ \mathsf{val} : (S_1 * S_2) \hookrightarrow (W_1, W_2) & \text{By Lemma 11(6)}\\
\cdot \vdash v_k\ \mathsf{val} : S_k \hookrightarrow W_k & \text{″}\\
\mathsf{proj}_k\,(v_1, v_2) \rightsquigarrow v_k & \text{By projVreduce and SrcStepCtxV}
\end{array}\]

"Moreover" part (2): we did not use SrcStepCtxN.

"Moreover" part (1): $\phi = \top$.


• Case
\[\dfrac{\cdot \vdash e_0\ \phi : S_k \hookrightarrow M_0}{\cdot \vdash (\mathsf{inj}_k\,e_0)\ \phi : (S_1 + S_2) \hookrightarrow (\mathsf{inj}_k\,M_0)}\ \text{elab}{+}\text{Intro}_k\]
\[\begin{array}{l@{\qquad}l}
(\mathsf{inj}_k\,M_0) \mapsto M' & \text{Given}\\
M' = (\mathsf{inj}_k\,M_0') \text{ and } M_0 \mapsto M_0' & \text{By inversion}\\
\cdot \vdash e_0\ \phi : S_k \hookrightarrow M_0 & \text{Subderivation}\\
\cdot \vdash e_0'\ \phi' : S_k \hookrightarrow M_0' & \text{By i.h.}\\
\phi' \sqsubseteq \phi & \text{″}\\
e_0 \rightsquigarrow^* e_0' & \text{″}\\
(\mathsf{inj}_k\,e_0) \rightsquigarrow^* (\mathsf{inj}_k\,e_0') & \\
\cdot \vdash (\mathsf{inj}_k\,e_0')\ \phi' : (S_1 + S_2) \hookrightarrow (\mathsf{inj}_k\,M_0') & \text{By elab}{+}\text{Intro}_k
\end{array}\]

"Moreover" part (1) follows from the i.h.

"Moreover" part (2) follows from the i.h.: If $\mathsf{inj}_k\,M_0$ is N-free, then $M_0$ is N-free; if $e_0 \rightsquigarrow^* e_0'$ does not use SrcStepCtxN, we can derive $(\mathsf{inj}_k\,e_0) \rightsquigarrow^* (\mathsf{inj}_k\,e_0')$ without SrcStepCtxN.


• Case
\[\dfrac{\cdot \vdash e_0\ \phi_0 : (S_1 + S_2) \hookrightarrow M_0 \qquad \cdot, x_1{:}S_1 \vdash e_1\ \phi_1 : S \hookrightarrow M_1 \qquad \cdot, x_2{:}S_2 \vdash e_2\ \phi_2 : S \hookrightarrow M_2}{\cdot \vdash \mathsf{case}(e_0, x_1.e_1, x_2.e_2)\ \top : S \hookrightarrow \mathsf{case}(M_0, x_1.M_1, x_2.M_2)}\ \text{elab}{+}\text{Elim}\]

First note that "Moreover" part (1) is vacuously satisfied, since $\phi = \top$.

We have $\mathsf{case}(M_0, x_1.M_1, x_2.M_2) \mapsto M'$. Either (1) $M_0 \mapsto M_0'$ and $M' = \mathsf{case}(M_0', x_1.M_1, x_2.M_2)$, or (2) $M_0 = (\mathsf{inj}_k\,W)$ and $M' = [W/x_k]M_k$.

For (1), apply the i.h. to $\cdot \vdash e_0\ \phi_0 : (S_1 + S_2) \hookrightarrow M_0$ and apply elab+Elim. "Moreover" part (2) follows from the i.h.

For (2), if $M$ is not N-free, we can use SrcStepCtxN:
\[\begin{array}{l@{\qquad}l}
\cdot \vdash e_0\ \phi_0 : (S_1 + S_2) \hookrightarrow (\mathsf{inj}_k\,W) & \text{Subderivation}\\
e_0 = \mathsf{inj}_k\,e_0' & \text{By Lemma 11(4)}\\
\cdot \vdash e_0'\ \phi_0 : S_k \hookrightarrow W & \text{″}\\
\cdot, x_k{:}S_k \vdash e_k\ \phi_k : S \hookrightarrow M_k & \text{Subderivation}\\
\cdot \vdash [e_0'/x_k]e_k\ \phi' : S \hookrightarrow [W/x_k]M_k & \text{By Lemma 8(1)}\\
e_0 = \mathsf{inj}_k\,e_0' & \text{Above}\\
\mathsf{case}(\mathsf{inj}_k\,e_0', x_1.e_1, x_2.e_2) \rightsquigarrow_{RN} [e_0'/x_k]e_k & \text{By caseNreduce}\\
\mathsf{case}(e_0, x_1.e_1, x_2.e_2) \rightsquigarrow [e_0'/x_k]e_k & \text{By SrcStepCtxN}
\end{array}\]

For (2), if $M$ is N-free, we can show $\cdot \vdash [e_0'/x_k]e_k\ \phi' : S \hookrightarrow [W/x_k]M_k$ as in the case when $M$ is not N-free, but we have an obligation ("Moreover" part (2)) not to use caseNreduce.
\[\begin{array}{l@{\qquad}l}
\cdot \vdash e_0\ \phi_0 : (S_1 + S_2) \hookrightarrow \mathsf{inj}_k\,W & \text{Subderivation}\\
\cdot \vdash e_0\ \mathsf{val} : (S_1 + S_2) \hookrightarrow \mathsf{inj}_k\,W & \text{By Lemma 5}\\
e_0 = v & \text{By Lemma 12}\\
\cdot \vdash v\ \mathsf{val} : (S_1 + S_2) \hookrightarrow \mathsf{inj}_k\,W & \text{By above equality}\\
v = \mathsf{inj}_k\,v_0 & \text{By Lemma 11(4)}\\
\mathsf{case}(e_0, x_1.e_1, x_2.e_2) \rightsquigarrow [v_0/x_k]e_k & \text{By caseVreduce and SrcStepCtxV}
\end{array}\]


• Case
\[\dfrac{\cdot \vdash e\ \phi : [(\mu\alpha.\,S_0)/\alpha]S_0 \hookrightarrow M_0}{\cdot \vdash e\ \phi : \mu\alpha.\,S_0 \hookrightarrow (\mathsf{roll}\ M_0)}\ \text{elab}\mu\text{Intro}\]

By inversion, $M_0 \mapsto M_0'$ and $M' = (\mathsf{roll}\ M_0')$.
\[\begin{array}{l@{\qquad}l}
\cdot \vdash e\ \phi : [(\mu\alpha.\,S_0)/\alpha]S_0 \hookrightarrow M_0 & \text{Subderivation}\\
\cdot \vdash e'\ \phi' : [(\mu\alpha.\,S_0)/\alpha]S_0 \hookrightarrow M_0' & \text{By i.h.}\\
e \rightsquigarrow^* e' & \text{″}\\
\cdot \vdash e'\ \phi' : \mu\alpha.\,S_0 \hookrightarrow (\mathsf{roll}\ M_0') & \text{By elab}\mu\text{Intro}
\end{array}\]

"Moreover" parts (1) and (2) follow from the i.h.

• Case
\[\dfrac{\cdot \vdash e\ \phi_0 : \mu\alpha.\,S_0 \hookrightarrow M_0}{\cdot \vdash e\ \top : [(\mu\alpha.\,S_0)/\alpha]S_0 \hookrightarrow (\mathsf{unroll}\ M_0)}\ \text{elab}\mu\text{Elim}\]

We have $(\mathsf{unroll}\ M_0) \mapsto M'$. Either (1) $M' = (\mathsf{unroll}\ M_0')$ and $M_0 \mapsto M_0'$, or (2) $M_0 = (\mathsf{roll}\ W)$ and $M' = W$.

If (1), similar to the elabμIntro case.

If (2):
\[\begin{array}{l@{\qquad}l}
\cdot \vdash e\ \phi_0 : \mu\alpha.\,S_0 \hookrightarrow (\mathsf{roll}\ W) & \text{Subderivation}\\
\cdot \vdash e'\ \phi' : [(\mu\alpha.\,S_0)/\alpha]S_0 \hookrightarrow W & \text{By Lemma 11(5)}\\
e \rightsquigarrow^* e' & \text{″}
\end{array}\]

"Moreover" part (1) is vacuously satisfied; part (2) follows from the i.h. □


Theorem 15 (Multi-step consistency).

If $\cdot \vdash e\ \phi : S \hookrightarrow M$ and $M \mapsto^* W$ then there exists $e'$ such that $e \rightsquigarrow^* e'$ and $\cdot \vdash e'\ \mathsf{val} : S \hookrightarrow W$. Moreover, if $M$ is N-free then we can derive $e \rightsquigarrow^* e'$ without using SrcStepCtxN.

Proof. By induction on the derivation of $M \mapsto^* W$.

If $M = W$ then let $e'$ be $e$. By Lemma 5, $\cdot \vdash e'\ \mathsf{val} : S \hookrightarrow W$. The source expression $e$ steps to itself in zero steps, so $e \rightsquigarrow^* e$, i.e. $e \rightsquigarrow^* e'$. We did not use SrcStepCtxN.

Otherwise, we have $M \mapsto M'$ and $M' \mapsto^* W$ for some $M'$. By Theorem 14, $\cdot \vdash e_1\ \phi : S \hookrightarrow M'$, where $e \rightsquigarrow^* e_1$; also, if $M$ is N-free, then Theorem 14 showed that we did not use SrcStepCtxN. If $M$ is N-free, then by Lemma 13 $M'$ is N-free. By i.h., there exists $e'$ such that $e_1 \rightsquigarrow^* e'$ and $\cdot \vdash e'\ \mathsf{val} : S \hookrightarrow W$. It follows that $e \rightsquigarrow^* e'$. □
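The target-language notions that Theorems 14 and 15 and Lemma 13 reason about (the step relation on target terms, the value forms W, and N-freeness) are small enough to model executably. The following is an added example in Python, not code from the paper: the term grammar and the reduction rules (βReduce, fixReduce, the projection, case, unroll/roll, force/thunk and Λ_ rules, and the left-to-right StepContext congruences) are reconstructed from the cases named in the proofs above, so their exact form is an assumption, and the sample terms are constructed. It runs a closed term to a value and checks, along the trace, the property Lemma 13 is cited for: an N-free term never steps to an N-tainted one.

```python
# Target terms are tagged tuples (constructor names are assumptions):
#   ('unit',)  ('var', x)  ('lam', x, M)  ('app', M1, M2)  ('fix', u, M)
#   ('pair', M1, M2)  ('proj', k, M)  ('inj', k, M)  (k is 1 or 2)
#   ('case', M0, x1, M1, x2, M2)  ('roll', M)  ('unroll', M)
#   ('thunk', M)  ('force', M)  ('tylam', M)  ('tyapp', M)
# 'thunk'/'force' are the by-name (N) forms; 'tylam'/'tyapp' stand for Λ_. M and M[_].

def is_value(m):
    """W ::= () | λx.M | thunk M | Λ_.M | (W1,W2) | inj_k W | roll W.
    Projections, unroll, force and applications are never values."""
    t = m[0]
    if t in ('unit', 'lam', 'thunk', 'tylam'):
        return True
    if t == 'pair':
        return is_value(m[1]) and is_value(m[2])
    if t == 'inj':
        return is_value(m[2])
    if t == 'roll':
        return is_value(m[1])
    return False

def n_free(m):
    """A target term is N-free when it contains no thunk and no force."""
    if m[0] in ('thunk', 'force'):
        return False
    return all(n_free(a) for a in m[1:] if isinstance(a, tuple))

def subst(m, x, n):
    """[n/x]m. Assumes n is closed (true for all substitutions performed
    by step on closed terms), so no variable capture can occur."""
    t = m[0]
    if t == 'var':
        return n if m[1] == x else m
    if t in ('lam', 'fix'):                       # binder shadows x
        return m if m[1] == x else (t, m[1], subst(m[2], x, n))
    if t == 'case':
        m1 = m[3] if m[2] == x else subst(m[3], x, n)
        m2 = m[5] if m[4] == x else subst(m[5], x, n)
        return ('case', subst(m[1], x, n), m[2], m1, m[4], m2)
    return tuple(subst(a, x, n) if isinstance(a, tuple) else a for a in m)

# Index of the single evaluation position of each non-binary form.
EVAL_POS = {'proj': 2, 'inj': 2, 'roll': 1, 'unroll': 1,
            'force': 1, 'tyapp': 1, 'case': 1}

def step(m):
    """One step M ↦ M', or None if M is a value or stuck (ill-typed).
    The congruence (StepContext) reduces the leftmost non-value subterm."""
    if is_value(m):
        return None
    t = m[0]
    if t == 'app':
        f, a = m[1], m[2]
        if not is_value(f):                       # C = (C1 M2)
            s = step(f); return None if s is None else ('app', s, a)
        if not is_value(a):                       # C = (W C2)
            s = step(a); return None if s is None else ('app', f, s)
        return subst(f[2], f[1], a) if f[0] == 'lam' else None   # βReduce
    if t == 'fix':                                # fix u.M ↦ [(fix u.M)/u]M
        return subst(m[2], m[1], m)
    if t == 'pair':
        for i in (1, 2):
            if not is_value(m[i]):
                s = step(m[i])
                return None if s is None else m[:i] + (s,) + m[i + 1:]
        return None
    if t not in EVAL_POS:                         # free variable: stuck
        return None
    i = EVAL_POS[t]
    inner = m[i]
    if not is_value(inner):
        s = step(inner)
        return None if s is None else m[:i] + (s,) + m[i + 1:]
    # inner is a value W: apply the matching reduction rule
    if t == 'proj' and inner[0] == 'pair':        # proj_k (W1,W2) ↦ W_k
        return inner[m[1]]
    if t == 'case' and inner[0] == 'inj':         # case(inj_k W, ...) ↦ [W/x_k]M_k
        k = inner[1]
        return subst(m[2 * k + 1], m[2 * k], inner[2])
    if t == 'unroll' and inner[0] == 'roll':      # unroll (roll W) ↦ W
        return inner[1]
    if t == 'force' and inner[0] == 'thunk':      # force (thunk M) ↦ M
        return inner[1]
    if t == 'tyapp' and inner[0] == 'tylam':      # (Λ_.M)[_] ↦ M
        return inner[1]
    return None

def run(m, fuel=1000):
    """Iterate ↦ until a value or stuck term; returns (final, trace)."""
    trace = [m]
    while len(trace) <= fuel:
        nxt = step(trace[-1])
        if nxt is None:
            return trace[-1], trace
        trace.append(nxt)
    raise RuntimeError("out of fuel")

def n_freeness_preserved(trace):
    """Lemma 13 as a runtime check: an N-free start stays N-free throughout."""
    return (not n_free(trace[0])) or all(n_free(t) for t in trace)

if __name__ == "__main__":
    UNIT = ('unit',)
    # Constructed N-free term: (λx. proj_1 x) (unroll (roll ()), inj_1 ())
    m = ('app', ('lam', 'x', ('proj', 1, ('var', 'x'))),
         ('pair', ('unroll', ('roll', UNIT)), ('inj', 1, UNIT)))
    final, trace = run(m)
    print(len(trace) - 1, "steps to", final, "; N-free preserved:", n_freeness_preserved(trace))
```

Each step in `step` corresponds to one of the inversion cases in the proof of Theorem 14: the `app` branches are the three shapes of the context C, and the remaining branches are the rules named there. Because `thunk` is a value and only `force` eliminates it, an N-free term can never produce a `thunk` or `force` by stepping, which is why `n_freeness_preserved` holds on every trace the stepper produces.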


If a source type, economical typing judgment, or target term is not N-free, we say it is N-tainted.

Lemma 16. If $\Gamma \vdash_E e\ \phi \Rightarrow S$ and $S$ is not N-free then it is not the case that both $\Gamma$ and $e$ are N-free.

Proof. By induction on the given derivation.

• Case E∀Elim: If $S'$ is not N-free, then $e = e_0[S']$ is not N-free. Otherwise, we have that $S = [S'/\alpha]S_0$ is not N-free; since $S'$ is N-free, $S_0$ must not be N-free, which lets us apply the i.h., giving the result.

• Cases EΠElim, E▹Elim_V, E▹Elim_N: The i.h. gives the result.

• Cases Evar, Efixvar: The type $S$ appears in $\Gamma$, so $\Gamma$ is N-tainted.

• Case Eanno: The type $S$ appears in $e = (e_0 : S)$, so $e$ is N-tainted.

• Case E→Elim: If $S$ is N-tainted then $S_1 \to S$ is N-tainted, and the result follows by i.h.

• Cases E*Elim_k, EμElim: Similar to the E→Elim case. □

Theorem 17 (Economizing preserves N-freeness).

If $\gamma \vdash_I e\ \phi \Leftarrow \tau$ (resp. $\Rightarrow$) where the judgment is N-free (Definition 1(2)) then $\lfloor\gamma\rfloor \vdash_E \lfloor e\rfloor\ \phi \Leftarrow \lfloor\tau\rfloor$ (resp. $\Rightarrow$) where this judgment is N-free (Definition 2(2)).

Proof. By induction on the given derivation. We can simply follow the proof of Theorem 1, observing that if the given impartial judgment is N-free, the resulting economical judgment is N-free. For example, in the I→Intro case, we have $\tau = (\tau_1 \xrightarrow{\epsilon} \tau_2)$. Since we know that $\tau$ is N-free, $\epsilon = \mathsf{V}$, so the translation of $\tau$ is $(\mathsf{V}{\triangleright}\lfloor\tau_1\rfloor) \to \lfloor\tau_2\rfloor$, which is N-free. Note that Definition 1(2)(b) bars by-name declarations $x \Rightarrow_{\mathsf{N}} \tau$, which would result in $x : \mathsf{N}{\triangleright}\cdots$, from $\gamma$. □

Theorem 18 (Elaboration preserves N-freeness).

If $\Gamma \vdash_E e\ \phi \Leftarrow S$ (or $\Rightarrow$) where the judgment is N-free (Definition 2(2)) then $\Gamma \vdash \mathrm{er}(e)\ \phi' : S \hookrightarrow M$ such that $M$ is N-free.

Proof. By induction on the given derivation.

• Case E1Intro: Apply elab1Intro.

• Case EΠIntro: Impossible: $S = \Pi\alpha.\,S_0$, which is not N-free (Definition 2(1)(ii)).

• Case EΠElim:

We have $\Gamma \vdash_E e\ \phi \Rightarrow \Pi\alpha.\,S_0$, where $S = [S'/\alpha]S_0$.

By Definition 2(1)(ii), the type $\Pi\alpha.\,S_0$ is N-tainted. So, by Lemma 16, at least one of $\Gamma$ and $e$ is N-tainted. But it was given that the judgment $\Gamma \vdash_E e\ \phi \Rightarrow S$ is N-free, which means that $\Gamma$ and $e$ are N-free. We have a contradiction: this case is impossible.

• Case E▹Intro (first conclusion): Use the i.h. and apply rule elab▹Intro (first conclusion).

• Case E▹Intro (second conclusion): Impossible: $S = \mathsf{N}{\triangleright}S_0$, which is not N-free.

• Case E▹Elim_V: Use the i.h. and apply rule elab▹Elim_V.

• Case E▹Elim_N:

We have $\Gamma \vdash_E e\ \phi \Rightarrow \epsilon{\triangleright}S$.

If $\epsilon = \mathsf{V}$ then use the i.h. and apply rule elab▹Elim_V.

Otherwise, $\epsilon{\triangleright}S$ is not N-free. As in the EΠElim case, we can use Lemma 16 to reach a contradiction.

• Cases Evar, Efixvar, Efix, E∀Intro, E∀Elim, E→Intro, E→Elim, E*Elim_k, E+Intro_k, E+Elim, EμIntro, EμElim:

Use the i.h. on all subderivations (if any) and apply the corresponding elaboration rule, e.g. in the Efix case, apply elabfix.

• Cases Esub, Eanno: Use the i.h.

• Case E*Intro: Use the i.h. on each subderivation, and apply elab*Intro. □